最近两天查看了appfuse中的源码,利用断点追踪了解里面的security内部实现。
如果玩家登陆成功后,会在session放一个securityContext对象,key为HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY=”SPRING_SECURITY_CONTEXT”;
以下为认证成功后登陆代码:
protected void loginSuccess(User user) {
HttpSession session = getSession();
SecurityContext securityContext = SecurityContextHolder
.createEmptyContext();
UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(
user, "password", user.getAuthorities());
// result.setDetails(user);
securityContext.setAuthentication(result);
session.setAttribute(SECURITY_CONTEXT_KEY, securityContext);
}
0 条评论。