Spring BlazeDS Integration之spring security(5)---自定义rememberMeServices的注意事项
来源:互联网 发布:娱乐圈八卦 知乎 编辑:程序博客网 时间:2024/05/29 19:18
重新贴出我的自定义rememberMeServices,注意事项,都在注释里面(没事研究一下spring security源码会有新发现的)
package test;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.servlet.http.HttpSession;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.flex.samples.product.IProductDAO;import org.springframework.security.authentication.AuthenticationDetailsSource;import org.springframework.security.core.Authentication;import org.springframework.security.core.context.SecurityContext;import org.springframework.security.core.context.SecurityContextHolder;import org.springframework.security.core.userdetails.UserDetails;import org.springframework.security.web.authentication.WebAuthenticationDetails;import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;import org.springframework.security.web.context.HttpSessionSecurityContextRepository;import flex.messaging.FlexContext;import flex.messaging.FlexSession;public class MyRememberMeServices extends TokenBasedRememberMeServices {private static final String CURRENT_NAME = "current_name";@Autowiredprivate IProductDAO securedProductService;protected AuthenticationDetailsSource authenticationDetailsSource = new WebAuthenticationDetailsSource();@Overridepublic void onLoginSuccess(HttpServletRequest request,HttpServletResponse response,Authentication successfulAuthentication) {super.onLoginSuccess(request, response, successfulAuthentication);SecurityContextHolder.getContext().setAuthentication(successfulAuthentication);this.afterOnLoginSuccess(request, response, successfulAuthentication);}/** * 当用户已经登出(或者用户从来没有登陆过),再次登陆的时候,会调用此方法 * 进入此方的时候,session已经新建好了,可以自行往session 里面设置相关properties * * 在此方法,调用之后,spring security会把 Authentication 设置到session 里, key 是 HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY * 详见:void org.springframework.security.web.context.HttpSessionSecurityContextRepository.SaveToSessionResponseWrapper.saveContext(SecurityContext context) * * 所以, 想要获得Authentication 就有两种途径了: * 1 Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); * 2 SecurityContext context = (SecurityContext)httpSession.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY); * Authentication a = context.getAuthentication(); * * @param request * @param response * @param successfulAuthentication */private void afterOnLoginSuccess(HttpServletRequest request,HttpServletResponse response,Authentication successfulAuthentication) {HttpSession session = request.getSession(false); // 该方法,返回的session 一定不为nullSystem.out.println("login success-----------------session id = "+ session.getId());FlexSession flexSession = FlexContext.getFlexSession();System.out.println("login success-----------------flexSession id = "+ flexSession.getId());WebAuthenticationDetails WebAuthenticationDetails = (WebAuthenticationDetails) successfulAuthentication.getDetails();System.out.println("WebAuthenticationDetails.getSessionId()-----------------session id = "+ WebAuthenticationDetails.getSessionId());// 登陆成功时,为新创建出来的空session设置properties,session.setAttribute(CURRENT_NAME, successfulAuthentication.getName());}protected UserDetails processAutoLoginCookie(String[] cookieTokens,HttpServletRequest request, HttpServletResponse response) {UserDetails userDetails = super.processAutoLoginCookie(cookieTokens,request, response);this.afterProcessAutoLoginCookie(userDetails, request, response);return userDetails;}/** * 当用户已经登陆,直接关闭浏览器,再次又打开浏览器,访问该web应用时候,所走的是: “自动”登陆的流程( “自动”登陆的流程 根cookie有关) * “自动”登陆的流程, 会调用如下方法: * Authentication org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.autoLogin(HttpServletRequest request, HttpServletResponse response) * 如上方法,会调用此方法。 * * 当进入该方法的时候,此时此刻,还没有任何session(还没有根据客户端的session id 创建新的session) * * * 在此方法,调用之后, 同样的 spring security会把 Authentication 设置到session(如果依然没有session,会自动创建session) 里, key 是 HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY * 详见:void org.springframework.security.web.context.HttpSessionSecurityContextRepository.SaveToSessionResponseWrapper.saveContext(SecurityContext context) * * 所以, 想要获得Authentication 就有两种途径了: * 1 Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); * 2 SecurityContext context = (SecurityContext)httpSession.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY); * Authentication a = context.getAuthentication(); * * @param userDetails * @param request * @param response */private void afterProcessAutoLoginCookie(UserDetails userDetails,HttpServletRequest request, HttpServletResponse response) {// HttpSession session = request.getSession(false); // 此语句运行后,session一定是null,// 因为要在这里往session里面设置一些属性,所以要在此新建session, 如下HttpSession session = request.getSession(); // 此时必然会创建一个新的sessionif (session != null) {System.out.println("auto login success-----------------session id = "+ session.getId());// “自动”登陆成功时,为新创建出来的空session设置properties,session.setAttribute(CURRENT_NAME, userDetails.getUsername());}FlexSession flexSession = FlexContext.getFlexSession();if (flexSession != null) {System.out.println("auto login success-----------------flexSession id = "+ flexSession.getId());}}}
0 0
- Spring BlazeDS Integration之spring security(5)---自定义rememberMeServices的注意事项
- Spring BlazeDS Integration之spring security(3)---自定义rememberMeServices,找到用户登陆成功切入点
- Spring BlazeDS Integration之spring security(4)---自定义rememberMeServices,找到自动登陆成功切入点
- Spring BlazeDS Integration之spring security(1)---flex UI登陆
- Spring BlazeDS Integration之spring security(2)---http form登陆
- 案例学习BlazeDS+Spring之十五:Security Integration 101
- BlazeDS Spring Security Integration问题一点总结
- 案例学习BlazeDS+Spring之二Spring BlazeDS Integration 101
- 案例学习BlazeDS+Spring之二Spring BlazeDS Integration 101
- Spring Blazeds integration
- Spring BlazeDS Integration 的工作原理
- 使用Spring BlazeDS Integration步骤
- spring blazeDS Integration简单介绍
- spring blazeDS Integration简单介绍
- Spring BlazeDS Integration Reference Guide
- 快速搭建Spring BlazeDS Integration框架环境
- Spring BlazeDS Integration简介与入门
- An introduction to Spring BlazeDS integration
- 微信公众平台开发:进阶篇(Web App开发入门)
- 第二十四周项目6-点和距离
- u3d学习资料
- Log4j——JAVA系统日志
- div+css 开山篇
- Spring BlazeDS Integration之spring security(5)---自定义rememberMeServices的注意事项
- vector, list, deque
- init系统sysvinit,UpStart 简介及chkconfig和service
- 自己写的android Launcher没有出现在Launcher启动选择界面问题
- 微信公众平台开发:进阶篇(在网页上添加分享到朋友圈、发送给好友、分享等按钮)
- 读《跨界——开启互联网与传统行业融合新趋势》
- 项目开发环境搭建手记(2.Jdk安装——替代原有的OpenJDK)
- VMware Workstation 11正式版的安装
- 1011. World Cup Betting (20)