我对Spring和Spring安全性比较陌生。
我试图写一个程序,我需要在服务器端使用Spring安全来验证用户,
我想出了以下几点:
public class CustomAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider{
@Override
protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken)
throws AuthenticationException
{
System.out.println("Method invoked : additionalAuthenticationChecks isAuthenticated ? :"+usernamePasswordAuthenticationToken.isAuthenticated());
}
@Override
protected UserDetails retrieveUser(String username,UsernamePasswordAuthenticationToken authentication) throws AuthenticationException
{
System.out.println("Method invoked : retrieveUser");
//so far so good, i can authenticate user here, and throw exception if not authenticated!!
//THIS IS WHERE I WANT TO ACCESS SESSION OBJECT
}
}
我的用例是,当用户通过身份验证时,我需要放置一个属性,如下所示:
session.setAttribute("userObject", myUserObject);
myUserObject是某个类的对象,我可以跨多个用户请求在整个服务器代码中访问它。
https://stackoverflow.com/questions/1629211
复制相似问题