我有登录参数
1.userName
2.password
3.companyId
我使用以下代码获得了用户名和密码
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
String name = auth.getName();
String pwd = auth.getCredentials();
String companyId= ???//How can i set and then get company Id here.
我的问题是如何使用 SecurityContextHolder 获得额外的登录参数(companyId)?
提取类可能不是弹簧控制器。这就是我使用的原因 SecurityContextHolder 而不是 HttpSession。
谢谢,
创建一个简单的 SpringSecurityFilter 过滤器。使用
setDetails()
方法为用户提供额外的详细信息。
package org.example;
public class CustomDeatilsSecurityFilter extends SpringSecurityFilter {
protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
SecurityContext sec = SecurityContextHolder.getContent();
AbstractAuthenticationToken auth = (AbstractAuthenticationToken)sec.getAuthentication();
HashMap<String, Object> info = new HashMap<String, Object>();
info.put("companyId", 42);
auth.setDetails(info);
}
}
将其添加到 Spring Security 过滤器链中,如下所示(这不是 web.xml,而是类似 applicationContext-security.xml 的内容):
<bean id="customDeatilsSecurityFilter" class="org.example.CustomDeatilsSecurityFilter">
<custom-filter position="LAST" />
</bean>
然后在代码中的某个地方你可以做这样的事情:
Map<String, Object> info = (Map<String, Object>)SecurityContextHolder.getContext().getAuthentication.getDetails();
int companyId = info.get("companyId");
Spring Security 的基本安装 在 web.xml 中
<context-param>
<param-name>patchConfigLocation</param-name>
<param-value>
classpath:/applicationContext.xml
/WEB-INF/applicationContext-datasource.xml
/WEB-INF/applicationContext-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
在 applicationContext-security.xml 中
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-3.2.xsd">
...
<bean id="customDeatilsSecurityFilter" class="org.example.CustomDeatilsSecurityFilter">
<custom-filter position="LAST" />
</bean>
...
在项目的pom.xml中
<!-- Spring Security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>3.1.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.1.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>3.1.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-acl</artifactId>
<version>3.1.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>3.1.3.RELEASE</version>
</dependency>
<!-- !Spring Security -->
在 Spring Security 中,有两种方法可以从 SecurityContextHolder 设置或检索 companyId。 创建了一个设置 companyId 的方法
public void setcompanyIdToAbstractAuthenticationToken(Integer companyId) {
Map<String, Integer> map= new HashMap<>();
map.put("companyId", companyId);
AbstractAuthenticationToken authentication = (AbstractAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
authentication.setDetails(map);
}
}
创建了一个方法来获取或检索整数类型的companyId
public Integer getCompanyId() {
Map<String, Integer> authenticationDetails = (Map<String, Integer>) Optional.ofNullable(SecurityContextHolder.getContext())
.map(SecurityContext::getAuthentication)
.map(Authentication::getDetails)
.orElseGet(HashMap::new);
return authenticationDetails.get("companyId");
}