最近两天查看了appfuse中的源码,利用断点追踪了解里面的security内部实现。
如果玩家登陆成功后,会在session放一个securityContext对象,key为HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY=”SPRING_SECURITY_CONTEXT”;
以下为认证成功后登陆代码:
protected void loginSuccess(User user) { HttpSession session = getSession(); SecurityContext securityContext = SecurityContextHolder .createEmptyContext(); UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken( user, "password", user.getAuthorities()); // result.setDetails(user); securityContext.setAuthentication(result); session.setAttribute(SECURITY_CONTEXT_KEY, securityContext); }
0 条评论。