springSecurity 每种认证方式都要写一大推类
1.要写Token封装认证信息
2.要写UserDetailsService的实现获取用户信息
3.要写provider调用UserDetailsService并且告诉AuthenticationManager他能认证哪种token
4.要写filter去拦截用户请求,获取用户提交的表单数据,交给AuthenticationManager选择一个provider去认证
5.把filter与provider注入一些必要属性交给总配置
-----------------------------------------------------------------------------------------------------------------------------------------------------
如果不想这么繁琐,简单暴力的
1、用户名、密码组合生成一个Authentication对象(也就是UsernamePasswordAuthenticationToken对象)。
2、生成的这个token对象会传递给一个AuthenticationManager对象用于验证。
3、当成功认证后,AuthenticationManager返回一个Authentication对象。
4、接下来,就可以调用
SecurityContextHodler.getContext().setAuthentication(…)
这个过程手动进行
@Controller
public class SecurityController {
@Autowired
private AuthenticationSuccessHandler myAuthenticationSuccessHandler;
@Resource
private AuthenticationManager authenticationManager;
@Autowired
private UserSecurityService userSecurityService;
@RequestMapping("/shoudongdenglu")
public void shoudongdenglu(HttpServletRequest request,HttpServletResponse response)
throws IOException, ServletException {
//根据用户名username加载userDetails
UserDetails userDetails = userSecurityService.loadUserByUsername("ld");
//根据userDetails构建新的Authentication,这里使用了
//PreAuthenticatedAuthenticationToken当然可以用其他token,如UsernamePasswordAuthenticationToken
PreAuthenticatedAuthenticationToken authentication =
new PreAuthenticatedAuthenticationToken(userDetails, userDetails.getPassword(),userDetails.getAuthorities());
//设置authentication中details
authentication.setDetails(new WebAuthenticationDetails(request));
//存放authentication到SecurityContextHolder
SecurityContextHolder.getContext().setAuthentication(authentication);
HttpSession session = request.getSession(true);
//在session中存放security context,方便同一个session中控制用户的其他操作
session.setAttribute("SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext());
// response.sendRedirect("/");
myAuthenticationSuccessHandler.onAuthenticationSuccess(request,response,authentication);
return;
}
}