What's the proper way to programmatically log a web visitor in under a particular username in Spring and Spring Security 3.1? It seems the way I was doing it 开发者_如何学编程under 2.5 has changed a little. I'm sure there's a much better way of doing this now.
Basically, when I create a new user, I need to also log them in at the same time.
Create an Authentication
(usually a UsernamePasswordAuthenticationToken
) and then call
SecurityContextHolder.getContext().setAuthentication(authentication)
This three lines of code do the work for me:
Authentication request = new UsernamePasswordAuthenticationToken( username, password );
Authentication result = authenticationManager.authenticate( request );
SecurityContextHolder.getContext().setAuthentication( result );
If you are interested in doing this for testing purposes you can do this:
UserDetails user = _userService.loadUserByUsername(username);
TestingAuthenticationToken token = new TestingAuthenticationToken(user,null);
SecurityContextHolder.getContext().setAuthentication(token);
Where user service is your thing that implements UserDetailsService
You can write a custom UsernamePasswordAuthenticationFilter
that extends Spring's UsernamePasswordAuthenticationFilter
.
Here is the code:
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class CustomUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
@Override
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) throws IOException, ServletException {
super.successfulAuthentication(request, response, authResult);
UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authResult;
WebAuthenticationDetails details = (WebAuthenticationDetails) token.getDetails();
String address = details.getRemoteAddress();
User user = (User) authResult.getPrincipal();
String userName = user.getUsername();
System.out.println("Successful login from remote address: " + address + " by username: "+ userName);
}
@Override
protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException {
super.unsuccessfulAuthentication(request, response, failed);
UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) failed.getAuthentication();
WebAuthenticationDetails details = (WebAuthenticationDetails) token.getDetails();
String address = details.getRemoteAddress();
System.out.println("Failed login try from remote address: " + address);
}
}
精彩评论