Spring Security 使用action进行登录

UserDetails userDetails = accountDao.getAccountByLoginName(username);

// 密码加密,salt可以为空,表示不加添加剂

String encodedPassword = passwordEncoder.encodePassword(password, null);

if (userDetails.getPassword().equals(encodedPassword)) {

Authentication authentication = new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(),userDetails.getAuthorities());

// spring security 将权限及用户信息存入securityContext

SecurityContext securityContext = SecurityContextHolder.getContext();

securityContext.setAuthentication(authentication);

ActionContext ctx = ActionContext.getContext();

HttpServletRequest request = (HttpServletRequest)ctx.get(ServletActionContext.HTTP_REQUEST);

HttpSession session = request.getSession(true);

HttpServletResponse response = (HttpServletResponse)ctx.get(ServletActionContext.HTTP_RESPONSE);

response.setHeader("P3P", "CP=CAO PSA OUR"); //用于ajax请求保存session

session.setAttribute("SPRING_SECURITY_CONTEXT", securityContext); //将用户信息放入session

}


你可能感兴趣的:(Security,action,password)