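I am trying to authorize automatically, without a login, in Spring Security. The user will be authorized by clicking a link on a website.
I have a class UserLoginService, which is called from the spring-security XML file like this: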
    <authentication-manager>
        <authentication-provider user-service-ref="userLoginService">
            <password-encoder hash="md5"/>
        </authentication-provider>
    </authentication-manager>
    <beans:bean id="userLoginService"
        class="tr.com.enlil.formdesigner.server.guvenlik.UserLoginService">
    </beans:bean>
The UserLoginService class:
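    import java.util.ArrayList;
    import java.util.List;

    import javax.servlet.http.HttpServletRequest;

    import org.apache.log4j.Logger;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.authentication.AuthenticationManager;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.GrantedAuthorityImpl;
    import org.springframework.security.core.context.SecurityContextHolder;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.web.authentication.WebAuthenticationDetails;
    import org.springframework.security.web.context.HttpSessionSecurityContextRepository;

    // Kullanici, IKullaniciBusinessManager and User are the project's own classes.
    public class UserLoginService implements UserDetailsService {

        private static Logger logger = Logger.getLogger(UserLoginService.class);

        @Autowired
        private IKullaniciBusinessManager iKullaniciBusinessManager;

        /**
         * {@inheritDoc}
         */
        @Override
        public UserDetails loadUserByUsername(String username) {
            try {
                // Look the user up by username through the business layer.
                Kullanici kullanici = new Kullanici();
                kullanici.setKullaniciAdi(username);
                Kullanici kullaniciBusinessManager = iKullaniciBusinessManager.getirKullaniciAdinaGore(kullanici);
                User user = new User();
                // Only populate the User for an existing, active account.
                if (kullaniciBusinessManager != null && kullaniciBusinessManager.getAktifmi()) {
                    user.setUsername(kullaniciBusinessManager.getKullaniciAdi());
                    user.setPassword(kullaniciBusinessManager.getSifre());
                    user.setKullanici(kullaniciBusinessManager);
                    List<String> yetkiListesi = new ArrayList<String>();
                    List<GrantedAuthority> grandAuthorities = new ArrayList<GrantedAuthority>();
                    // TODO: something may need to be done about the authorities.
                    for (String yetki : yetkiListesi) {
                        GrantedAuthorityImpl g = new GrantedAuthorityImpl(yetki);
                        grandAuthorities.add(g);
                    }
                    user.setAuthorities(grandAuthorities);
                }
                return user;
            } catch (Exception e) {
                logger.error("Kullanici alinirken hata olustu!!", e);
            }
            return null;
        }

        public static void autoLogin(User user, HttpServletRequest request, AuthenticationManager authenticationManager) {
            UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user.getUsername(),
                    user.getPassword(), user.getAuthorities());
            // generate session if one doesn't exist
            request.getSession();
            token.setDetails(new WebAuthenticationDetails(request));
            Authentication authenticatedUser = authenticationManager.authenticate(token);
            SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
            // store the security context in the HTTP session
            request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
                    SecurityContextHolder.getContext());
        }
    }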
I found the autoLogin method in "Make Programmatic login without username/password?". But I don't know where I can call this method from, or whether this code will help me.
Thanks in advance.
Answer 0 (score: 1)
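You have to create your own implementation of AbstractPreAuthenticatedProcessingFilter. The method getPreAuthenticatedPrincipal(HttpServletRequest request) will have the request, from which you can get your credentials. You need to return a subject if it is a valid user, or null if it is not. Your implementation of UserDetailsService will transform the subject into a UserDetails object.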
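
An added example of the filter this answer describes; it is not code from the answer or from the asker's project. It assumes the link carries a `token` parameter of the form `username:expiryEpochSeconds:base64url(HMAC-SHA256)` signed with a server-side key, and that usernames contain no `:`; the class name, parameter name and token format are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;

// Hypothetical filter: authenticates a request from a signed, expiring link token.
public class LinkTokenPreAuthFilter extends AbstractPreAuthenticatedProcessingFilter {

    private final byte[] key; // secret the server used when it issued the link (assumption)

    public LinkTokenPreAuthFilter(byte[] key) {
        this.key = key.clone();
    }

    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        String token = request.getParameter("token"); // parameter name is an assumption
        if (token == null) {
            return null; // no token: the request continues unauthenticated
        }
        String[] parts = token.split(":", -1);
        if (parts.length != 3) {
            return null;
        }
        try {
            long expiry = Long.parseLong(parts[1]);
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(key, "HmacSHA256"));
            byte[] expected = mac.doFinal((parts[0] + ":" + parts[1]).getBytes(StandardCharsets.UTF_8));
            byte[] supplied = Base64.getUrlDecoder().decode(parts[2]);
            // Constant-time signature comparison, then the expiry check.
            if (!MessageDigest.isEqual(expected, supplied) || expiry < System.currentTimeMillis() / 1000L) {
                return null;
            }
            return parts[0]; // username; the UserDetailsService turns it into UserDetails
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            return null; // malformed expiry or Base64, or HMAC could not be computed
        }
    }

    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
        return "N/A"; // must be non-null; the token itself was verified above
    }
}
```

The filter needs an AuthenticationManager containing a PreAuthenticatedAuthenticationProvider whose user-details service wraps `userLoginService` in a UserDetailsByNameServiceWrapper. Keep link lifetimes short, since anyone holding an unexpired link is logged in as that user.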