12

在 Spring 和 Spring Security 3.1 中以特定用户名以编程方式登录 Web 访问者的正确方法是什么?看来我在 2.5 下的操作方式发生了一些变化。我相信现在有更好的方法来做到这一点。

基本上,当我创建一个新用户时,我还需要同时登录他们。

4

4 回答 4

19

创建一个Authentication(通常是 a UsernamePasswordAuthenticationToken)然后调用

SecurityContextHolder.getContext().setAuthentication(authentication)
于 2011-09-30T21:43:43.560 回答
4

这三行代码为我完成了工作:

        Authentication request = new UsernamePasswordAuthenticationToken( username, password );
    Authentication result = authenticationManager.authenticate( request );
    SecurityContextHolder.getContext().setAuthentication( result );
于 2012-12-18T22:03:08.497 回答
2

如果您有兴趣出于测试目的这样做,您可以这样做:

    UserDetails user = _userService.loadUserByUsername(username);
    TestingAuthenticationToken token = new TestingAuthenticationToken(user,null);
    SecurityContextHolder.getContext().setAuthentication(token);

用户服务是你实现 UserDetailsS​​ervice 的东西

于 2014-06-19T09:02:10.717 回答
0

您可以编写一个custom UsernamePasswordAuthenticationFilter扩展 Spring 的UsernamePasswordAuthenticationFilter.

这是代码:

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class CustomUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) throws IOException, ServletException {
        super.successfulAuthentication(request, response, authResult);
        UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authResult;
        WebAuthenticationDetails details = (WebAuthenticationDetails) token.getDetails();
        String address = details.getRemoteAddress();
        User user = (User) authResult.getPrincipal();
        String userName = user.getUsername();
        System.out.println("Successful login from remote address: " + address + " by username: "+ userName);
    }

    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException {
        super.unsuccessfulAuthentication(request, response, failed);
        UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) failed.getAuthentication();
        WebAuthenticationDetails details = (WebAuthenticationDetails) token.getDetails();
        String address = details.getRemoteAddress();
        System.out.println("Failed login try from remote address: " + address);
    }
}
于 2011-09-30T21:48:52.457 回答