Servlet API Integration
Servlet 2.5+ Integration
15.1.1 HttpServletRequest.getRemoteUser()
Returns the username of the currently authenticated user.
15.1.2 HttpServletRequest.getUserPrincipal()
HttpServletRequest.getUserPrincipal() returns the object held in SecurityContextHolder.getContext().getAuthentication(), i.e. the Authentication. Because the Servlet API declares the return type as java.security.Principal, a cast is required:
Authentication auth = (Authentication) httpServletRequest.getUserPrincipal();
// assume integrated custom UserDetails called MyCustomUserDetails
// by default, typically instance of UserDetails
MyCustomUserDetails userDetails = (MyCustomUserDetails) auth.getPrincipal();
String firstName = userDetails.getFirstName();
String lastName = userDetails.getLastName();
15.1.3 HttpServletRequest.isUserInRole(String)
Checks whether the current user has the given role:
boolean isAdmin = httpServletRequest.isUserInRole("ADMIN");
15.2 Servlet 3+ Integration
15.2.1 HttpServletRequest.authenticate(HttpServletRequest,HttpServletResponse)
HttpServletRequest.authenticate(HttpServletRequest,HttpServletResponse) can be used to ensure that the user is authenticated. If the user is not authenticated, the configured AuthenticationEntryPoint is used to trigger authentication.
15.2.2 HttpServletRequest.login(String,String)
Programmatic login:
try {
    httpServletRequest.login("user", "password");
} catch (ServletException e) {
    // failed to authenticate
}
15.2.3 HttpServletRequest.logout()
Programmatic logout.
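The servlet below is an added example, not code from the original page or from Spring Security's own documentation. It combines the Servlet 2.5 methods (getRemoteUser, getUserPrincipal, isUserInRole) and the Servlet 3.0 methods (authenticate, login, logout) in one place. It assumes that Spring Security's springSecurityFilterChain sits in front of the servlet, so that these calls delegate to the SecurityContextHolder; the servlet name, the /account URL and the form parameter names username and password are assumptions.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;

// Hypothetical servlet (not from the page) exercising the Servlet API methods
// that Spring Security backs through its SecurityContextHolder integration.
@WebServlet("/account")
public class AccountServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Servlet 3.0: make sure the caller is authenticated. If not, Spring Security's
        // AuthenticationEntryPoint commences authentication (for example a redirect to
        // the login page) and authenticate() returns false, so the handler must stop.
        if (!req.authenticate(resp)) {
            return;
        }

        // Servlet 2.5: the Principal is the Spring Security Authentication; the cast
        // is needed because the Servlet API returns java.security.Principal.
        Authentication auth = (Authentication) req.getUserPrincipal();
        String username = req.getRemoteUser(); // equivalent to auth.getName()

        resp.setContentType("text/plain");
        PrintWriter out = resp.getWriter();
        out.println("user: " + username);
        // isUserInRole("ADMIN") is checked against the granted authorities, with the
        // configured role prefix ("ROLE_" by default) prepended to the name.
        out.println("admin: " + req.isUserInRole("ADMIN"));
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Servlet 3.0 programmatic login. Credentials are read from the POST body,
        // not from the query string, so they do not end up in access logs.
        try {
            req.login(req.getParameter("username"), req.getParameter("password"));
            resp.sendRedirect(req.getContextPath() + "/account");
        } catch (ServletException e) {
            // Authentication failed; the response does not reveal which part was wrong.
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication failed");
        }
    }

    @Override
    protected void doDelete(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Servlet 3.0 programmatic logout: Spring Security clears the SecurityContext
        // through its configured logout handling.
        req.logout();
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}
```

Note that authenticate(resp) both reports the result and, on failure, already writes the entry point's response; returning immediately after a false result avoids writing a second body into the same response.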
AsyncContext.start(Runnable)
Asynchronous processing:
final AsyncContext async = httpServletRequest.startAsync();
async.start(new Runnable() {
    public void run() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        try {
            final HttpServletResponse asyncResponse = (HttpServletResponse) async.getResponse();
            asyncResponse.setStatus(HttpServletResponse.SC_OK);
            asyncResponse.getWriter().write(String.valueOf(authentication));
            async.complete();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
});
The Runnable writes the user's Authentication to the response asynchronously; the SecurityContext is propagated to the thread started via AsyncContext.start(Runnable).
Async Servlet Support
The servlet container must be Servlet 3.0 or later.
Next, enable asynchronous support on the DelegatingFilterProxy in web.xml (async-supported set to true, and the ASYNC dispatcher added to the filter mapping):
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    <async-supported>true</async-supported>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>ASYNC</dispatcher>
</filter-mapping>
15.3 Servlet 3.1+ Integration
15.3.1 HttpServletRequest#changeSessionId()
Can be used to defend against session fixation attacks: the session id is replaced while the session's attributes are retained.
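Spring Security can invoke changeSessionId() for you at authentication time instead of the application calling it by hand. The configuration below is an added example, not code from the page; it assumes Spring Security 3.2 or later with Java configuration, a Servlet 3.1 container, and form login (the class name SessionFixationConfig is an assumption).

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical configuration class (not from the page).
@Configuration
@EnableWebSecurity
public class SessionFixationConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .and()
            .sessionManagement()
                // On successful authentication, rotate the session id with
                // HttpServletRequest#changeSessionId() while keeping the session
                // attributes. A session id handed to the victim before login is
                // therefore useless to the attacker afterwards.
                // Alternatives for older containers: migrateSession() (copy the
                // attributes into a brand-new session) or newSession() (drop them).
                .sessionFixation().changeSessionId();
    }
}
```

changeSessionId() is the default strategy on Servlet 3.1 containers; stating it explicitly documents the intent and prevents a later refactor from silently switching to none(). Whichever strategy is chosen, verify it by comparing the JSESSIONID cookie before and after a successful login: it must differ.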