spring-security: authorization without authentication

后端未结

关注

 7  1287

谎友^ 2020-12-12 16:44

I\'m trying to integrate Spring Security in my web application. It seems pretty easy to do as long as you integrate the whole process of authentication and authorization.

7条回答

一生所求 (楼主)

2020-12-12 17:11

I use the authorization by this:

Inject the authorization related bean into my own bean:

@Autowired
private AccessDecisionManager    accessDecisionManager;
@Autowired
FilterSecurityInterceptor        filterSecurityInterceptor;

Use this bean by this:

FilterInvocation fi = new FilterInvocation(rundata.getRequest(), rundata.getResponse(), new FilterChain() {

    public void doFilter(ServletRequest arg0, ServletResponse arg1) throws IOException, ServletException {
        // TODO Auto-generated method stub

    }
});
FilterInvocationDefinitionSource objectDefinitionSource = filterSecurityInterceptor.getObjectDefinitionSource();
ConfigAttributeDefinition attr = objectDefinitionSource.getAttributes(fi);
Authentication authenticated = new Authentication() {

    ...........

    public GrantedAuthority[] getAuthorities() {
        GrantedAuthority[] result = new GrantedAuthority[1];
        result[0] = new GrantedAuthorityImpl("ROLE_USER");
        return result;
    }
};
accessDecisionManager.decide(authenticated, fi, attr);

0 讨论(0)

查看其它7个回答