仿造的acegi threadlocal
用过acegi的都知道acegi的用户登陆信息(用户id 角色)等放在threadLocal中
下面是自己土制的threadLocal 比acegi的简单很多,更容易明白它的原理
用过OpenSessionInView的就不用看了,原理完全一样
下面给出关键代码
下面是自己土制的threadLocal 比acegi的简单很多,更容易明白它的原理
用过OpenSessionInView的就不用看了,原理完全一样
下面给出关键代码
//安全上下文,保存用户登陆数据
public class SecurityContext {
public final static String SECURITY_CONTEXT_KEY = "cn.lottery.sale.security.securityContext";
private Long userId;
private String username;
private List<String> roles = new ArrayList<String>();
}
LoginAction中的login方法
public String login(){
SecurityContext sc = new SecurityContext();
sc.setUsername(username);
getRequest().getSession().setAttribute(SecurityContext.SECURITY_CONTEXT_KEY, sc);
return SUCCESS;
}
//安全过滤器。绑定session中用户信息到threadLocal
public class SecurityFilter implements Filter {
private final static Logger logger = LoggerFactory.getLogger(SecurityFilter.class);
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest)request;
HttpSession session = req.getSession();
if(session != null){
SecurityContext context = (SecurityContext)session.getAttribute(SecurityContext.SECURITY_CONTEXT_KEY);
logger.debug("绑定用户信息到线程" + Thread.currentThread().getId());
SecurityContextHolder.set(context);
}
try{
chain.doFilter(request, response);
}finally{
logger.debug("删除绑定到当前线程的用户信息" + Thread.currentThread().getId());
SecurityContextHolder.remove();
}
}
}
//逻辑类
public class LotteryManager {
private final static Logger logger = LoggerFactory.getLogger(LotteryManager.class);
private LotteryDAO lotteryDAO;
@Transactional(readOnly = true)
public List<Lottery> findLotteryByName(String lotteryName){
logger.debug( SecurityContextHolder.get().getUsername() ); //看这儿啦 获取用户名。省去传递参数哪么麻烦
return lotteryDAO.findByProperty("shortName", lotteryName);
}
}