Spring Security - Why does SecurityContextHolder.getContext().getAuthentication() return AnonymousAuthenticationToken?

Time: 2017-06-06 01:00:49

Tags: java spring spring-security

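I am using Spring Security for a specific use case in which I need to set the authentication object manually. When the user logs out, I retrieve the authentication object via SecurityContextHolder.getContext().getAuthentication(), but it returns an AnonymousAuthenticationToken instead of the expected OAuth2Authentication?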

    // Build the user authentication from the credentials and the mapped authorities
    UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user, password, authoritiesMapper.mapAuthorities(user.getAuthorities()));

    // Attach the current request's details (remote address, session id) to the token
    ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
    token.setDetails(new WebAuthenticationDetails(attributes.getRequest()));

    // Wrap the user authentication in an OAuth2Authentication for the client request
    OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(new CustomOAuth2Request(ImmutableMap.of(PARAM_SCOPE, SCOPE_OPENID), clientId,
            redirectUri, Sets.newHashSet(SCOPE_OPENID)), token);

    // Install it in the SecurityContext bound to the current thread
    SecurityContextHolder.getContext().setAuthentication(oAuth2Authentication);

    // Store the context in the HTTP session under SPRING_SECURITY_CONTEXT
    HttpSession session = attributes.getRequest().getSession(true);
    session.setAttribute(SPRING_SECURITY_CONTEXT, SecurityContextHolder.getContext());

In my logout code:

    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

Why doesn't this return the authentication I expect?

0 answers:

No answers