有没有办法在使用acegi安全模块的servlet应用程序中避免基于表单的登录?我想以某种方式将登录名和密码传递给URL。我试着打电话给这样的话:
GrantedAuthority[] grantedAuthorities = new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ADMIN")};
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken("admin", "passwordofadmin", grantedAuthorities);
WebAuthenticationDetails authdetails = (WebAuthenticationDetails) authentication.getDetails();
HttpSession session = event.getSession();
ProviderManager pm = (ProviderManager)WebApplicationContextUtils.getWebApplicationContext(session.getServletContext()).getBean("authenticationManager");
pm.doAuthentication(authentication);
SecurityContextHolder.getContext().setAuthentication(authentication);
在HttpSessionCreatedEvent事件的处理程序中,我收到了AuthenticationSuccessEvent个事件,但之后还收到了Failure个事件并显示了身份验证表单。
答案 0 :(得分:0)
首先,您必须在xml中覆盖UserDetailsService。像这样:
<bean id="userService" class="com.security.UserSecurityService" >
...
</bean>
然后编写自己的service.like:
public class UserSecurityService implements UserDetailsService {
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException{
User user =userDAO.findByUsername(username);
GrantedAuthority[] grantedRoles = {new GrantedAuthorityImpl("ROLE_USER")};
secUsr = new User(user.getUsername(), user.getPassword(), true, grantedRoles);
我希望这会对你有所帮助