springSecurity手动登录

springSecurity     每种认证方式都要写一大推类

1.要写Token封装认证信息

2.要写UserDetailsService的实现获取用户信息

3.要写provider调用UserDetailsService并且告诉AuthenticationManager他能认证哪种token

4.要写filter去拦截用户请求,获取用户提交的表单数据,交给AuthenticationManager选择一个provider去认证

5.把filter与provider注入一些必要属性交给总配置

-----------------------------------------------------------------------------------------------------------------------------------------------------

如果不想这么繁琐,简单暴力的

1、用户名、密码组合生成一个Authentication对象（也就是UsernamePasswordAuthenticationToken对象）。
 
2、生成的这个token对象会传递给一个AuthenticationManager对象用于验证。
 
3、当成功认证后，AuthenticationManager返回一个Authentication对象。
 
4、接下来，就可以调用
 
SecurityContextHodler.getContext().setAuthentication(…)

这个过程手动进行

@Controller
public class SecurityController {



    @Autowired
    private AuthenticationSuccessHandler myAuthenticationSuccessHandler;


    @Resource
    private AuthenticationManager authenticationManager;


    @Autowired
    private UserSecurityService userSecurityService;


    @RequestMapping("/shoudongdenglu")
    public  void shoudongdenglu(HttpServletRequest request,HttpServletResponse response)
        throws IOException, ServletException {

        //根据用户名username加载userDetails
        UserDetails userDetails = userSecurityService.loadUserByUsername("ld");
        //根据userDetails构建新的Authentication,这里使用了
        //PreAuthenticatedAuthenticationToken当然可以用其他token,如UsernamePasswordAuthenticationToken
        PreAuthenticatedAuthenticationToken authentication =
            new PreAuthenticatedAuthenticationToken(userDetails, userDetails.getPassword(),userDetails.getAuthorities());
        //设置authentication中details
        authentication.setDetails(new WebAuthenticationDetails(request));
        //存放authentication到SecurityContextHolder
        SecurityContextHolder.getContext().setAuthentication(authentication);
        HttpSession session = request.getSession(true);
        //在session中存放security context,方便同一个session中控制用户的其他操作
        session.setAttribute("SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext());

      // response.sendRedirect("/");


        myAuthenticationSuccessHandler.onAuthenticationSuccess(request,response,authentication);

        return;

    }

}