1
我正在使用Spring安全性进行身份验证的Spring-MVC应用程序。为了访问安全功能,用户必须登录。我正在使用可以确定用户是否已登录的功能。Spring Security如何区分多个登录用户
我只是想知道下面发布的代码是否适用于多个用户同时登录,以区分用户A是否已登录。如果不是,请提供任何解决方案或想法。谢谢。
Person Controller :
@Controller
public class PersonController {
private PersonService personService;
// Now whenever there are secure functions to be accessed, like below, I use it the following way :
}
@RequestMapping(value = "/note/list/{id}",method = RequestMethod.GET)
public String listNotes(@ModelAttribute("notices") Notes p,@PathVariable int id,Model model) {
Person person = personService.getCurrentlyAuthenticatedUser();
model.addAttribute("section1",this.notesService.listNotesBySectionId(1,person));
}
目前获得认证的用户功能:
@Override
public Person getCurrentlyAuthenticatedUser() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
String authenticatedUserId = authentication.getName();
Person person = personDAO.findPersonByUsername(authenticatedUserId);
return person;
}
我实现认证是这样的:
@Transactional
@Service("userDetailsService")
public class LoginServiceImpl implements UserDetailsService{
@Autowired private PersonDAO personDAO;
@Autowired private Assembler assembler;
private static final GrantedAuthority USER_AUTH = new SimpleGrantedAuthority("ROLE_USER");
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException,DataAccessException {
Person person = personDAO.findPersonByUsername(username);
if(person == null) { throw new UsernameNotFoundException("Wrong username or password");} //Never specify which one was it exactly
return assembler.buildUserFromUserEntity(person);
}
}
装配用户
@Transactional
@Service("userDetailsService")
public class LoginServiceImpl implements UserDetailsService{
@Autowired private PersonDAO personDAO;
@Autowired private Assembler assembler;
private static final GrantedAuthority USER_AUTH = new SimpleGrantedAuthority("ROLE_USER");
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException,DataAccessException {
Person person = personDAO.findPersonByUsername(username);
if(person == null) { throw new UsernameNotFoundException("Wrong username or password");}
return assembler.buildUserFromUserEntity(person);
}
}
谢谢你的详细解答。所以结论是上面的代码可以处理多重认证。我会检查字符串是否为空。 – 2014-11-03 15:40:08
除了身份验证之外,还没有运行您的代码以查看它是否无错。我只是说,春季安全处理这个开箱即用。 – grid 2014-11-03 15:43:19
此时,代码不会引发错误,用户登录后,我也可以获取当前登录的用户和所有用户。我忘了处理空认证部分...任何想法我怎么处理这个异常。我不想显示一些Apache错误页面。 – 2014-11-03 15:50:56