Spring Boot and Spring Security Notes: Servlet API Integration (Part 4)

new無语: please credit the original source when reposting, thanks!


This section describes how Spring Security integrates with the Servlet API.

Servlet 2.5+ Integration

HttpServletRequest.getRemoteUser()


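Returns SecurityContextHolder.getContext().getAuthentication().getName(), which is normally the name of the currently authenticated user. It can also be used to tell whether the user is authenticated or anonymous.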

HttpServletRequest.getUserPrincipal()


Returns the result of SecurityContextHolder.getContext().getAuthentication(), the object that carries the authenticated user's principal information.

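    // getUserPrincipal() returns null when the request is not authenticated
    Authentication authentication = (Authentication) httpServletRequest.getUserPrincipal();
    Object userDetails = null;
    if (authentication != null) {
        Object principal = authentication.getPrincipal();
        if (principal instanceof UserDetails) {
            // Principal is a UserDetails object
            userDetails = principal;
        } else {
            // Otherwise fall back to the principal's string form
            userDetails = principal.toString();
        }
    }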

Servlet 3+ Integration

HttpServletRequest.isUserInRole(String)


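Checks whether the user holds the given role, that is, whether it is present in SecurityContextHolder.getContext().getAuthentication().getAuthorities(). Do not include the ROLE_ prefix in the argument, because the method adds it automatically when it performs the check.

    boolean isAdmin = httpServletRequest.isUserInRole("ADMIN");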

Servlet 3.1+ Integration

HttpServletRequest.authenticate(HttpServletResponse)


Checks whether the current request comes from an authenticated user.

HttpServletRequest.login(String,String)


Authenticates the user with the given username and password.

    try {
        httpServletRequest.login("user", "password");
    } catch (ServletException e) {
        // authentication failed
    }

Note: if you want Spring Security to handle the authentication failure, you do not need to catch the ServletException.

HttpServletRequest.logout()


Logs out the current user.

AsyncContext.start(Runnable)


Spring Security overrides AsyncContext.start(Runnable) to ensure that the current thread's SecurityContext is propagated to the new thread.

    final AsyncContext asyncContext = httpServletRequest.startAsync();
    asyncContext.start(new Runnable() {
        @Override
        public void run() {
            // The caller's SecurityContext has been propagated to this thread
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            try {
                final HttpServletResponse asyncResponse = (HttpServletResponse) asyncContext.getResponse();
                asyncResponse.setStatus(HttpServletResponse.SC_OK);
                asyncResponse.getWriter().write(String.valueOf(authentication));
            } catch (Exception e) {
                logger.error("Failed to write async response", e);
            } finally {
                // Always complete, otherwise the request stays open until the async timeout
                asyncContext.complete();
            }
        }
    });
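
Why the propagation matters, as an added example that is not part of the original post: under the default thread-local strategy a thread started outside AsyncContext.start(Runnable) sees no authenticated user unless the Runnable is wrapped, here with DelegatingSecurityContextRunnable from spring-security-core. It assumes spring-security-core on the classpath; the class ContextPropagationDemo, the helper nameSeenBy and the user "alice" are made up for illustration.

```java
import java.util.concurrent.atomic.AtomicReference;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.concurrent.DelegatingSecurityContextRunnable;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical demo class, not code from the original post.
public class ContextPropagationDemo {

    /** Runs a task on a new thread and returns the user name it saw (null if none). */
    static String nameSeenBy(boolean wrap) throws InterruptedException {
        AtomicReference<String> seen = new AtomicReference<>();
        Runnable task = () -> {
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
            seen.set(auth == null ? null : auth.getName());
        };
        // The wrapper captures the caller's SecurityContext here, on the calling thread,
        // and installs it on the worker thread only for the duration of run().
        Thread worker = new Thread(wrap ? new DelegatingSecurityContextRunnable(task) : task);
        worker.start();
        worker.join();
        return seen.get();
    }

    public static void main(String[] args) throws InterruptedException {
        // Constructed sample user; in a web application the filter chain fills the context.
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(new UsernamePasswordAuthenticationToken(
                "alice", "n/a", AuthorityUtils.createAuthorityList("ROLE_USER")));
        SecurityContextHolder.setContext(context);
        try {
            // Without the wrapper the worker thread has an empty context.
            System.out.println("plain thread:   " + nameSeenBy(false));
            // With the wrapper the worker thread sees the caller's authentication.
            System.out.println("wrapped thread: " + nameSeenBy(true));
        } finally {
            // Clear the thread-local so the identity cannot leak to later work on this thread.
            SecurityContextHolder.clearContext();
        }
    }
}
```

Code that makes authorization decisions on a worker thread without this propagation will treat every request as unauthenticated.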
