【Question title】: How to add values into Spring SecurityContextHolder
【Posted】: 2014-01-12 09:12:22
【Question】:

I have these login parameters:

1. userName

2. password

3. companyId

I already get the user name and password with the following code:

 Authentication auth = SecurityContextHolder.getContext().getAuthentication();

 String name = auth.getName();

 String pwd = (String) auth.getCredentials(); // getCredentials() returns Object

 String companyId= ???//How can I set and then get the company id here?

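My question is: how can I get the extra login parameter (companyId) using SecurityContextHolder?

The class that retrieves it may not be a Spring controller. That is why I use SecurityContextHolder instead of HttpSession.

Thanks,

【Question discussion】:

    Tags: spring spring-mvc spring-security spring-webflow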


    【Solution 1】:

    Create a simple SpringSecurityFilter filter. Use the setDetails method to add extra details for the user.

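    package org.example;

    import java.io.IOException;
    import java.util.HashMap;
    import javax.servlet.FilterChain;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.security.context.SecurityContextHolder;
    import org.springframework.security.providers.AbstractAuthenticationToken;
    import org.springframework.security.ui.SpringSecurityFilter;

    // Imports are the Spring Security 2.0.x packages, where SpringSecurityFilter exists.
    public class CustomDeatilsSecurityFilter extends SpringSecurityFilter {
       protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
             throws IOException, ServletException {
          Object auth = SecurityContextHolder.getContext().getAuthentication();
          if (auth instanceof AbstractAuthenticationToken) { // skips null and other token types
             HashMap<String, Object> info = new HashMap<String, Object>();
             info.put("companyId", 42);
             ((AbstractAuthenticationToken) auth).setDetails(info); // attach the extra details
          }
          chain.doFilter(request, response); // pass the request on down the chain
       }
       public int getOrder() { return Integer.MAX_VALUE; } // required by Ordered
    }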
    

    Add it to the Spring Security filter chain like this (this is not web.xml, but something like applicationContext-security.xml):

    <bean id="customDeatilsSecurityFilter" class="org.example.CustomDeatilsSecurityFilter">
       <sec:custom-filter position="LAST" />
    </bean>
    

    Then somewhere in your code you can do something like this:

    Map<String, Object> info = (Map<String, Object>) SecurityContextHolder.getContext().getAuthentication().getDetails();
    int companyId = (Integer) info.get("companyId"); // the map holds Object values, so cast before unboxing
    

    Basic Spring Security setup. In web.xml:

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            classpath:/applicationContext.xml
           /WEB-INF/applicationContext-datasource.xml
           /WEB-INF/applicationContext-security.xml
        </param-value>
    </context-param>
    
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    

    In applicationContext-security.xml:

    <?xml version="1.0" encoding="UTF-8"?>
    
    <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:p="http://www.springframework.org/schema/p"
        xmlns:sec="http://www.springframework.org/schema/security"
        xmlns:context="http://www.springframework.org/schema/context"
        xmlns:util="http://www.springframework.org/schema/util"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="
            http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
            http://www.springframework.org/schema/context
            http://www.springframework.org/schema/context/spring-context-3.2.xsd
            http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-3.1.xsd
            http://www.springframework.org/schema/util
            http://www.springframework.org/schema/util/spring-util-3.2.xsd">  
    ...
        <bean id="customDeatilsSecurityFilter" class="org.example.CustomDeatilsSecurityFilter">
           <sec:custom-filter position="LAST" />
        </bean>
    ...
    

    In the project's pom.xml:

        <!-- Spring Security -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>3.1.3.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>3.1.3.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
            <version>3.1.3.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-acl</artifactId>
            <version>3.1.3.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-taglibs</artifactId>
            <version>3.1.3.RELEASE</version>
        </dependency>
        <!-- !Spring Security -->
    

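    【Comments】:

    • Thanks Anton Shchastnyi.. What is authentication? Can you give me a complete example? I am new to Spring.
    • The inherited class "SpringSecurityFilter" does not exist?? How do we specify "custom-filter" in a normal bean?
    • OK, consider updating the project's pom.xml, web.xml and security.xml. Make sure Spring's applicationContext.xml and applicationContext-security.xml are included correctly.
    • Thanks Anton Shchastnyi.. but how can we extend "SpringSecurityFilter".. there is no such class...
    • Oh, sorry, this class seems to be in an older version of Spring Security: docs.spring.io/autorepo/docs/spring-security/2.0.x/apidocs/org/… So you can either downgrade from 3.1.3.RELEASE to 2.0.x to run the code above, or you can update the Authentication object somewhere else. Consider looking at stackoverflow.com/questions/18220556/…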
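
    The thread ends with the observation that SpringSecurityFilter is missing from 3.1.3.RELEASE and that the Authentication object has to be populated somewhere else. The following is an added example, not code from the question or the answer: one way to do that on Spring Security 3.1.x is a details source that runs at login time. The class names and the digit-only validation rule are assumptions; the request parameter name companyId comes from the question.

```java
package org.example; // hypothetical package, matching the answer's naming

import javax.servlet.http.HttpServletRequest;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

/** Keeps the standard details (remote address, session id) and adds companyId. */
public class CompanyAuthenticationDetails extends WebAuthenticationDetails {

    private final Integer companyId; // null when the parameter is absent or malformed

    public CompanyAuthenticationDetails(HttpServletRequest request) {
        super(request);
        this.companyId = parse(request.getParameter("companyId"));
    }

    // The value is client-supplied, so accept only a short run of digits.
    static Integer parse(String raw) {
        if (raw == null || !raw.matches("[0-9]{1,9}")) {
            return null;
        }
        return Integer.valueOf(raw);
    }

    public Integer getCompanyId() {
        return companyId;
    }

    /** Register as a bean (class org.example.CompanyAuthenticationDetails$Source) and
     *  reference it from form-login via authentication-details-source-ref. */
    public static class Source
            implements AuthenticationDetailsSource<HttpServletRequest, WebAuthenticationDetails> {
        public WebAuthenticationDetails buildDetails(HttpServletRequest request) {
            return new CompanyAuthenticationDetails(request);
        }
    }

    /** Callable from any class, not only controllers; null when no companyId is available. */
    public static Integer currentCompanyId() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth != null && auth.getDetails() instanceof CompanyAuthenticationDetails) {
            return ((CompanyAuthenticationDetails) auth.getDetails()).getCompanyId();
        }
        return null;
    }
}
```

    The companyId stored this way is whatever the client submitted with the login form. The AuthenticationProvider or UserDetailsService should confirm that the authenticated user belongs to that company before any authorization decision relies on it.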