我创建了一个假用户名和密码的用户。我试图用java代码登录这个用户。我可以通过
正确获取用户名SecurityContextHolder.getContext().getAuthentication().getName()
然而,jsp标签
<sec:authorize access="!isAuthenticated()">
仍然是假的。 <sec:authentication property="name" />
是匿名用户。我该如何解决?感谢
Collection<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
GrantedAuthority grantedAuthority = new GrantedAuthority() {
//anonymous inner type
public String getAuthority() {
return "ROLE_USER";
}
};
grantedAuthorities.add(grantedAuthority);
User tempUser = new User(username, passwd, true, true, true, true, grantedAuthorities);
Authentication authentication = new UsernamePasswordAuthenticationToken(tempUser, "", grantedAuthorities);
SecurityContextHolder.getContext().setAuthentication(authentication);
HttpSession session = httpServletRequest.getSession();
User authUser = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
session.setAttribute("username", authUser.getUsername());
session.setAttribute("authorities", authentication.getAuthorities());