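I am using Spring Security for a specific use case in which I need to set the Authentication object manually. When the user logs out, I retrieve the Authentication object via SecurityContextHolder.getContext().getAuthentication(), but it returns an AnonymousAuthenticationToken instead of the expected OAuth2Authentication.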
// Wrap the user, password and mapped authorities in a username/password token
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user, password, authoritiesMapper.mapAuthorities(user.getAuthorities()));
ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
// Attach the details of the current request to the token
token.setDetails(new WebAuthenticationDetails(attributes.getRequest()));
// Build the OAuth2Authentication from the custom OAuth2 request and the user token
OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(new CustomOAuth2Request(ImmutableMap.of(PARAM_SCOPE, SCOPE_OPENID), clientId,
        redirectUri, Sets.newHashSet(SCOPE_OPENID)), token);
// Set it on the current SecurityContext
SecurityContextHolder.getContext().setAuthentication(oAuth2Authentication);
// Store the SecurityContext in the HTTP session
HttpSession session = attributes.getRequest().getSession(true);
session.setAttribute(SPRING_SECURITY_CONTEXT, SecurityContextHolder.getContext());
In my logout code:
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
Why doesn't this return the authentication I expect?