问题描述

在我的应用程序正在使用LDAP身份验证。但我也有通过哪些方法登录（用户名，密码）要求验证2远程服务。该方法返回的安全令牌，这使得我能够调用另一个方法，即我应该通过安全令牌服务方式的第一个参数。结果
所以，我想成功的使用登录LDAP后，立即获得这些安全性令牌并将它们存储在SecurityContext中。我试图用的认证成功处理程序-REF 的形式登录的元素。在自定义AuthenticationToken持有不仅密码，但也安全令牌SecurityContext中使用的处理器取代我的验证的对象。但是，在这种情况下，我有没有认证供应商支持此类令牌异常。
我知道这是也可以存储令牌HTTP会话，但在这种情况下，我必须通过会话服务对象，所以我想给的令牌存储在SecurityContext中。

In my application I'm using LDAP authentication. But i'm also have 2 remote services which requires authentication via method login(username, password). The method returns security token which makes me able to invoke another methods, i.e. I should pass security token to service methods as first argument.
So I'd like to get these security tokens immediately after successful login using LDAP and store them in SecurityContext. I tried to use authentication-success-handler-ref of form-login element. Using the handler I replace Authentication object in the SecurityContext with custom AuthenticationToken that holds not only password but also security tokens. But in this case I have an exception that no authentication provider supports this class of token. I know it's also possible to store tokens in the HTTP session but in this case I have to pass session to service object, so I'd like to store the tokens in SecurityContext.

什么是最好的方法来处理服务的安全性令牌？

What is the best approach to handle service security token?

推荐答案

我经常使用 Authentication.getDetails（）对象来存储，不得直接链接的附加信息以每说用户。所以，你可以存储在该领域所需的任何对象（比如一个HashMap）和它共享验证对象的生命周期。

I often use the Authentication.getDetails() object to store additional info that may not be directly linked to the user per say. So you can store any object you want in that field (a HashMap for instance) and it shares the Authentication object life cycle.

HashMap<String, Object> info = new HashMap<String, Object>();
info.put("extraInfo", "info");
auth.setDetails(info);
...
Map<String, Object> i = (Map<String, Object>)SecurityContextHolder.getContext().getAuthentication.getDetails();

这篇关于如何存储在春季安全的SecurityContext的自定义信息？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！