问候所有 我使用下面的方法,使编程登录的用户,但与他的用户名&密码,并能正常工作:使程序登录没有用户名/密码?
public static void autoLogin(User user, HttpServletRequest request,
AuthenticationManager authenticationManager) {
GrantedAuthority[] grantedAuthorities = new GrantedAuthority[] { new GrantedAuthorityImpl(
user.getAuthority()) };
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
user.getUserName(), user.getPassword(),
grantedAuthorities);
// generate session if one doesn't exist
request.getSession();
token.setDetails(new WebAuthenticationDetails(request));
Authentication authenticatedUser = authenticationManager
.authenticate(token);
SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
// setting role to the session
request
.getSession()
.setAttribute(
HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
SecurityContextHolder.getContext());
}
,我想知道如果有可能使编程登录,但没有用户名或密码认证,只是让这个用户认证。
如果您删除了这两行,那么以下行是如何编译的? 。SecurityContextHolder.getContext()setAuthentication(authenticatedUser); – 2012-11-22 03:37:11