Springsecurity Each kind of authentication method must write a big push class
1. To write token packaging certification information
2. To write the implementation of Userdetailsservice to obtain user information
3. To write provider call Userdetailsservice and tell AuthenticationManager what token he can certify
4. To write filter to intercept user requests, get user submitted form data, give AuthenticationManager to choose a provider to authenticate
5. Inject filter and provider with some necessary attributes to the general configuration
--------------------------------------------------------------------------------------------------------------- --------------------------------------
If you don't want to be so tedious, simple and violent
1. The user name and password combination generates a authentication object (that is, the Usernamepasswordauthenticationtoken object).
2. The generated token object is passed to a AuthenticationManager object for validation.
3. After successful authentication, AuthenticationManager returns a authentication object.
4. Next, you can call
Securitycontexthodler.getcontext (). Setauthentication (...)
This process is done manually
@Controllerpublic class Securitycontroller {@Autowired private Authenticationsuccesshandler myauthenticationsuccess Handler; @Resource private AuthenticationManager AuthenticationManager; @Autowired private Usersecurityservice Usersecurityservice; @RequestMapping ("/shoudongdenglu") public void Shoudongdenglu (HttpServletRequest request,httpservletresponse Response) throws IOException, Servletexception {//username load Userdetails userdetails userdetails based on user name = Usersecurityservice.loaduserbyusername ("ld"); Build a new authentication according to Userdetails, where//preauthenticatedauthenticationtoken can of course use other tokens, such as Usernamepasswordauthenticationtoken preauthenticatedauthenticationtoken authentication = new PreAuthent Icatedauthenticationtoken (Userdetails, Userdetails.getpassword (), userdetails.getauthorities ()); Set the details authentication.setdetails (new Webauthenticationdetails (request) in authentication); Storage AuthentIcation to Securitycontextholder Securitycontextholder.getcontext (). Setauthentication (authentication); HttpSession session = Request.getsession (true); Store the SECURITY context in the session to facilitate the control of other user operations in the same session session.setattribute ("Spring_security_context", Securitycontextholder.getcontext ()); Response.sendredirect ("/"); Myauthenticationsuccesshandler.onauthenticationsuccess (request,response,authentication); Return }}
Springsecurity Manual Login