[code="java"]UsernamePasswordAuthenticationToken authen = new UsernamePasswordAuthenticationToken(
username, password);
WebAuthenticationDetails webdetails = new WebAuthenticationDetails(
request);
WebAuthenticationDetails
authen.setDetails(webdetails);
SecurityContextHolder.getContext().setAuthentication(authen);
[/code]
系统登录的时候调用一个Servlet根据Username从数据库取出User对象填充进上述代码,然后写了个过滤器在进行数据的拦截,但是双面的数据在过滤器使用SecurityContextHolder.getContext()
.getAuthentication().getPrincipal();无法得到填充的数据
[code="java"]String loginName = request.getUserPrincipal().getName();[/code]
直接这样写试试看
加一个filter, HttpSessionContextIntegrationFilter.它的作用是在web请求之间把SecurityContext存储在HttpSession中。
不要在web.xml里面加
[code="xml"]
security
org.acegisecurity.util.FilterToBeanProxy
targetClass
org.acegisecurity.util.FilterChainProxy
security
/*
[/code]
去你spring环境里面
[code="xml"]
<!-- IMPORTANT: DON'T LINEBREAK THE FILTER LIST, OR ELSE BEAN LOOKUP BREAKS! -->
<!-- I'M JUST DOING IT HERE FOR DISPLAY PURPOSES -->
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilter,
authenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
[/code]
可以看看我的Acegi系列教程:
http://zhanjia.iteye.com/category/43399