How to manually set an authenticated user in Spring Security / SpringMVC

Problem description

After a new user submits a 'New account' form, I want to manually log that user in so they don't have to log in on the subsequent page.

The normal form login page going through the Spring Security interceptor works just fine.

In the new-account-form controller I am creating a UsernamePasswordAuthenticationToken and setting it in the SecurityContext manually:

SecurityContextHolder.getContext().setAuthentication(authentication);

On that same page I later check that the user is logged in with:

SecurityContextHolder.getContext().getAuthentication().getAuthorities();

This returns the authorities I set earlier in the authentication. All is well.

But when this same code is called on the very next page I load, the authentication token is just UserAnonymous.

I'm not clear why it did not keep the authentication I set on the previous request. Any thoughts?


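  • Might it have to do with session IDs not being set up correctly?

  • Is there something that might be overwriting my authentication somehow?

  • Perhaps I just need another step to save the authentication?

  • Or is there something I need to do to declare the authentication across the whole session, rather than a single request, somehow?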

Just looking for some thoughts that might help me see what's happening here.

Recommended answer

I had the same problem as you a while back. I can't remember the details but the following code got things working for me. This code is used within a Spring Webflow flow, hence the RequestContext and ExternalContext classes. But the part that is most relevant to you is the doAutoLogin method.

public String registerUser(UserRegistrationFormBean userRegistrationFormBean,
                           RequestContext requestContext,
                           ExternalContext externalContext) {

    try {
        Locale userLocale = requestContext.getExternalContext().getLocale();
        this.userService.createNewUser(userRegistrationFormBean, userLocale, Constants.SYSTEM_USER_ID);
        String emailAddress = userRegistrationFormBean.getChooseEmailAddressFormBean().getEmailAddress();
        String password = userRegistrationFormBean.getChoosePasswordFormBean().getPassword();
        doAutoLogin(emailAddress, password, (HttpServletRequest) externalContext.getNativeRequest());
        return "success";

    } catch (EmailAddressNotUniqueException e) {
        MessageResolver messageResolvable 
                = new MessageBuilder().error()
                                      .source(UserRegistrationFormBean.PROPERTYNAME_EMAIL_ADDRESS)
                                      .code("userRegistration.emailAddress.not.unique")
                                      .build();
        requestContext.getMessageContext().addMessage(messageResolvable);
        return "error";
    }

}


private void doAutoLogin(String username, String password, HttpServletRequest request) {

    try {
        // Must be called from request filtered by Spring Security, otherwise SecurityContextHolder is not updated
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
        token.setDetails(new WebAuthenticationDetails(request));
        Authentication authentication = this.authenticationProvider.authenticate(token);
        logger.debug("Logging in with [{}]", authentication.getPrincipal());
        SecurityContextHolder.getContext().setAuthentication(authentication);
    } catch (Exception e) {
        SecurityContextHolder.getContext().setAuthentication(null);
        logger.error("Failure in autoLogin", e);
    }

}
