Reload UserDetails Object from Database Every Request in Spring Security

暗喜 2020-12-28 19:55

I have been looking for a way to reload our Spring Security UserDetails object every request and cannot find an example anywhere.

Does anyone know how to do such a thing?

4条回答
  •  既然无缘
    2020-12-28 20:30

    I'm trying FilterSecurityInterceptor's re-authenticate trick

    for form-login with JDBC userDetailsService

    1. Make the Authentication's isAuthenticated return false.
    2. Set erase-credentials to false (this keeps the credentials in the session so they are available for re-authentication).
    3. When an AuthenticationException is raised, log out and then redirect to the login page.

    AuthenticationProvider

    Set authenticated to false.

    package studying.spring;
    
    import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.userdetails.UserDetails;
    
    /**
     * A {@link DaoAuthenticationProvider} that hands back a successful authentication
     * result with its {@code authenticated} flag switched off.
     *
     * <p>Per the accompanying answer, the intent is that the token stored after login
     * is still reported as not authenticated, so it is authenticated again (and the
     * user reloaded) on later requests.
     *
     * <p>NOTE(review): the answer pairs this with {@code erase-credentials="false"},
     * which means the submitted credentials stay on the Authentication kept in the
     * session. Treat session storage (serialization, replication, heap dumps) as
     * holding passwords if this approach is used.
     */
    public class MyDaoAuthenticationProvider extends DaoAuthenticationProvider {

      /**
       * Builds the success token through the parent implementation, then marks it
       * as not authenticated before returning it.
       *
       * @param principal the principal passed through to the parent implementation
       * @param authentication the original authentication request
       * @param user the user details loaded for this login
       * @return the parent's token with {@code authenticated} set to {@code false}
       */
      @Override
      protected Authentication createSuccessAuthentication(
          Object principal, Authentication authentication, UserDetails user) {
        final Authentication token =
            super.createSuccessAuthentication(principal, authentication, user);

        // Deliberately downgrade the token; everything else on it is left as the parent built it.
        token.setAuthenticated(false);
        return token;
      }
    }
    

    AuthenticationEntryPoint for ExceptionTranslationFilter

    Log out and redirect to the login page.

    package studying.spring;
    
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.core.context.SecurityContextHolder;
    import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
    import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
    
    /**
     * A {@link LoginUrlAuthenticationEntryPoint} that logs the current user out
     * before the login URL is resolved, whenever an authentication failure is the
     * reason the entry point was reached.
     *
     * <p>In the accompanying answer this is what turns a failed per-request
     * re-authentication (for example a user whose stored record no longer matches)
     * into a clean logout followed by a redirect to the login page.
     */
    public class MyLoginUrlAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint {

      /**
       * @param loginFormUrl the login page URL, passed straight to the parent constructor
       */
      public MyLoginUrlAuthenticationEntryPoint(String loginFormUrl) {
        super(loginFormUrl);
      }

      /**
       * Resolves the login URL via the parent implementation; when {@code exception}
       * is non-null the current authentication is logged out first.
       *
       * @param request the current request
       * @param response the current response
       * @param exception the failure that triggered the entry point, possibly {@code null}
       * @return the URL chosen by the parent implementation
       */
      @Override
      protected String determineUrlToUseForThisRequest(
          HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) {

        // No failure to react to: behave exactly like the parent.
        if (exception == null) {
          return super.determineUrlToUseForThisRequest(request, response, exception);
        }

        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        SecurityContextLogoutHandler logoutHandler = new SecurityContextLogoutHandler();
        logoutHandler.logout(request, response, current);

        // Explicitly drop any authentication on the context in use after logout, so the
        // stale (possibly credential-bearing) token is not reused for this request.
        SecurityContextHolder.getContext().setAuthentication(null);

        return super.determineUrlToUseForThisRequest(request, response, exception);
      }
    }
    

    root-context.xml

    Set the erase-credentials attribute to false.

    
    
    
      
        
        
        
      
    
      
        
      
    
      
        
      
    
      
        
      
    
      
        
      
    
      
        
        
        
        
      
    
    
