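In Spring Security, every authentication method requires writing a whole pile of classes:
1. Write a Token that wraps the authentication information.
2. Write a UserDetailsService implementation that loads the user information.
3. Write a provider that calls the UserDetailsService and tells the AuthenticationManager which kind of token it can authenticate.
4. Write a filter that intercepts the user's request, reads the submitted form data, and hands it to the AuthenticationManager, which selects a provider to authenticate it.
5. Inject the required properties into the filter and the provider and register them with the main configuration.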
-----------------------------------------------------------------------------------------------------------------------------------------------------
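If you don't want all of that ceremony, there is a simple, brute-force alternative:
1. The username and password are combined into an Authentication object (that is, a UsernamePasswordAuthenticationToken).
2. The resulting token is passed to an AuthenticationManager for verification.
3. After successful authentication, the AuthenticationManager returns an Authentication object.
4. After that, you can call
SecurityContextHolder.getContext().setAuthentication(…)
Here the process is carried out manually: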
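// javax.* matches Spring Security 5 and earlier (assumed here); on Spring Security 6+ use jakarta.*
import java.io.IOException;
import javax.annotation.Resource;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class SecurityController {
    @Autowired
    private AuthenticationSuccessHandler myAuthenticationSuccessHandler;
    @Resource
    private AuthenticationManager authenticationManager; // injected but not used in this manual flow
    @Autowired
    private UserSecurityService userSecurityService;

    @RequestMapping("/shoudongdenglu")
    public void shoudongdenglu(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        // Load the UserDetails by username
        UserDetails userDetails = userSecurityService.loadUserByUsername("ld");
        // Build a new Authentication from the userDetails. PreAuthenticatedAuthenticationToken is used
        // here, but another token such as UsernamePasswordAuthenticationToken works too.
        // The three-argument constructor marks the token as authenticated; no password is checked in this flow.
        PreAuthenticatedAuthenticationToken authentication = new PreAuthenticatedAuthenticationToken(
                userDetails, userDetails.getPassword(), userDetails.getAuthorities());
        // Set the details on the authentication
        authentication.setDetails(new WebAuthenticationDetails(request));
        // Store the authentication in the SecurityContextHolder
        SecurityContextHolder.getContext().setAuthentication(authentication);
        HttpSession session = request.getSession(true);
        // Store the security context in the session so that the user's other
        // operations within the same session are governed by it
        session.setAttribute("SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext());
        // response.sendRedirect("/");
        myAuthenticationSuccessHandler.onAuthenticationSuccess(request, response, authentication);
    }
}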
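The four steps listed above, with the AuthenticationManager actually verifying the submitted password before the context is set, as an added example that is not code from the original post. It assumes Spring Security 5.x on the javax.servlet API with an AuthenticationManager bean exposed by the configuration; the class name, the /manual-login path and the parameter names are hypothetical.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestParam;

// Hypothetical controller (assumption): an AuthenticationManager bean is available for injection.
@Controller
public class ManualLoginController {
    private final AuthenticationManager authenticationManager;
    public ManualLoginController(AuthenticationManager am) { this.authenticationManager = am; }

    @PostMapping("/manual-login") // hypothetical path
    public void login(@RequestParam("username") String username,
                      @RequestParam("password") String password,
                      HttpServletRequest request, HttpServletResponse response) throws IOException {
        // Step 1: wrap the submitted credentials in a token that is not yet authenticated.
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);
        token.setDetails(new WebAuthenticationDetails(request));
        Authentication result;
        try {
            // Steps 2-3: a provider verifies the password and returns an authenticated object.
            result = authenticationManager.authenticate(token);
        } catch (AuthenticationException e) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED); // same reply for every failure
            return;
        }
        // Step 4: publish the verified result in a fresh context.
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(result);
        SecurityContextHolder.setContext(context);
        // A manual login skips the filter chain's session-fixation handling, so rotate the id here.
        request.getSession(true);
        request.changeSessionId();
        request.getSession().setAttribute(
                HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);
        response.sendRedirect("/");
    }
}
```

The key name written to the session is the same "SPRING_SECURITY_CONTEXT" string used in the controller above, referenced through its constant.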