spring-security - 从 Spring Security 中的链接以编程方式登录

Question

我正在尝试自动授权而无需在 Spring Security 中登录。用户将通过单击网站中的链接获得授权。

我有一个类 UserLoginService ，它从这样的 spring-security xml 文件中调用；

     <authentication-manager>
        <authentication-provider user-service-ref="userLoginService" >
            <password-encoder hash="md5"/>   
        </authentication-provider> 
    </authentication-manager>

    <beans:bean id="userLoginService"
        class="tr.com.enlil.formdesigner.server.guvenlik.UserLoginService">

    </beans:bean>

用户登录服务类；

public class UserLoginService implements UserDetailsService {
    private static Logger logger = Logger.getLogger(InitServlet.class);

    @Autowired
    private IKullaniciBusinessManager iKullaniciBusinessManager;

    /**
     * {@inheritDoc}
     */
    @Override
    public UserDetails loadUserByUsername(String username) {
        try {
            Kullanici kullanici = new Kullanici();
            kullanici.setKullaniciAdi(username);
            Kullanici kullaniciBusinessManager = iKullaniciBusinessManager.getirKullaniciAdinaGore(kullanici);
            User user = new User();
            if (kullaniciBusinessManager != null && kullaniciBusinessManager.getAktifmi()) {
                user.setUsername(kullaniciBusinessManager.getKullaniciAdi());
                user.setPassword(kullaniciBusinessManager.getSifre());
                user.setKullanici(kullaniciBusinessManager);
                List<String> yetkiListesi = new ArrayList<String>();
                List<GrantedAuthority> grandAuthorities = new ArrayList<GrantedAuthority>();
                //TODO yetkilerle alakalı birşey yapmak gerekebilir.
                for (String yetki : yetkiListesi) {
                    GrantedAuthorityImpl g = new GrantedAuthorityImpl(yetki);
                    grandAuthorities.add(g);
                }
                user.setAuthorities(grandAuthorities);
            }
            return user;
        } catch (Exception e) {
            logger.error("Kullanici alinirken hata olustu!!", e);
        }
        return null;

    }

    public static void autoLogin(User user, HttpServletRequest request, AuthenticationManager authenticationManager) {

        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user.getUsername(),
                user.getPassword(), user.getAuthorities());

        // generate session if one doesn't exist
        request.getSession();

        token.setDetails(new WebAuthenticationDetails(request));
        Authentication authenticatedUser = authenticationManager.authenticate(token);

        SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
        // setting role to the session
        request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
                SecurityContextHolder.getContext());

    }
}

我从没有用户名/密码的 Make Programmatic login 中找到了 autoLogin 方法？. 但我不知道，我可以从哪里调用这个方法，这段代码对我有帮助吗？

提前致谢。

Answer 1

您必须创建自己的 AbstractPreAuthenticatedProcessingFilter 实现。getPreAuthenticatedPrincipal(HttpServletRequest request) 方法将具有可以从中获取凭据的请求。如果它是有效用户，则需要返回主题；如果不是，则需要返回 null。您的 UserDetailsS​​ervice 实现会将主题转换为 UserDetails 对象。