nhy520 发表于 2013-2-6 08:06:43

spring security 找不到用户信息的原因

折腾了两天,终于解决了,spring security 的用户信息终于可以取出来了.网上的解决办法都没有效果.spring security 2.0.4 把用户信息存入本地线程,通过SecurityContextHolder来获取,第一次请求完成后,则后清空用户信息 如源码:

[*]finally {   
[*]            // This is the only place in this class where SecurityContextHolder.getContext() is called   
[*]            SecurityContext contextAfterChainExecution = SecurityContextHolder.getContext();   
[*]  
[*]            // Crucial removal of SecurityContextHolder contents - do this before anything else.   
[*]            SecurityContextHolder.clearContext();   
[*]  
[*]            request.removeAttribute(FILTER_APPLIED);   
[*]·········   
[*]}  
因为我的用的是webwork的action跳转页面,所以又是一个请求这样的话,在action中的方法中就无法取得用户信息了,解决办法就是:写一个servlet来取出用户信息,然后跳转到新页面把用户信息传递过去就样就能实现目的.
 
如servlet:
/**
 *
 */
package com.ztl.book3un.usermanager.user.security;
import java.io.IOException;
import java.util.Map;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.opensymphony.xwork.ActionContext;
import com.ztl.book3un.usermanager.domain.UserLogin;
/**
 * @author:李剑
 * @创作时间:2009-5-27
 * @E-mail:lijian_nhy@126.com
 * @说明:
 * @最后一次修改时间:
 * @修改人:
 */
public class LoginToIndex extends HttpServlet
{
 private static final long serialVersionUID = -2695430823076562265L;
 /*
  * (non-Javadoc)
  *
  * @see javax.servlet.http.HttpServlet#doGet(javax.servlet.http.HttpServletRequest,
  *      javax.servlet.http.HttpServletResponse)
  */
 @Override
 protected void doGet(HttpServletRequest request,
   HttpServletResponse response) throws ServletException, IOException
 {
  // 得到当前用户
  //String sessionCode = "abc";//模拟设置
//  String code = (String) request.getAttribute("code");
//  System.out.println(code);
//  if(sessionCode.equals(code)){
//   System.out.println("对不起,你的验证码不正确!");
//  }
  
  
  UserLogin ul = SecurityUserHolder.getUser();
  
  String userName = ul.getUsername();
  String password = ul.getPassword();
  
  //request.setAttribute("ul", ul);
//  request.setAttribute("userName", userName);
//  request.setAttribute("password", password);
  // 跳转到index.jsp页面
  
  String path = request.getContextPath();
  String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
  /*RequestDispatcher dispatcher = request
    .getRequestDispatcher("/index.ztl?m=login");
  dispatcher.forward(request, response);*/
  response.sendRedirect(basePath+"index.ztl?m=login&userName="+userName+"&password="+password);
 }
 /*
  * (non-Javadoc)
  *
  * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest,
  *      javax.servlet.http.HttpServletResponse)
  */
 @Override
 protected void doPost(HttpServletRequest request,
   HttpServletResponse response) throws ServletException, IOException
 {
  doGet(request, response);
 }
}
 
接下来就是你原来项目的操作了,你应该怎么取值怎么取值了.呵呵.
 
页: [1]
查看完整版本: spring security 找不到用户信息的原因