春季安全手册登录
[英]spring security manual login
问题描述
I am using spring security and want to login my users manually. 
我正在使用Spring Security,并想手动登录我的用户。
my controller looks like this: 我的控制器看起来像这样:
@RequestMapping("/login")
public String login() {
Authentication authenticationResult = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken("user2", "password"));
SecurityContextHolder.getContext().setAuthentication(authenticationResult);
return "redirect:/";
}
I found an example in the docs where such a login is made. 我在文档中找到了进行此登录的示例。
http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#what-is-authentication-in-spring-security http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#what-is-authentication-in-spring-security
I just wanted to ask whether there are any downsides or security issues with this approach? 我只是想问这种方法是否存在任何弊端或安全问题?
EDIT: If someone can point me to the class (&docs?) where the default spring /login request ist handled it might also answer my question as i could look how the login process is implemented spring internally 编辑:如果有人可以将我指向默认的spring / login请求ist处理的类(&docs?),它也可能回答我的问题,因为我可以查看如何在内部实现Spring的登录过程
1 个解决方案
解决方案1
0 2015-10-01 01:36:05
This is a work around when we need to do some process before the user logs in. The actual problem comes when you do the following things. 当我们需要在用户登录之前进行一些处理时,这是一种变通方法。实际的问题出在您执行以下操作时。 Of course these are not problems :-). 当然,这些不是问题:-)。
- If You are using spring remember-me token or custom authentication providers. 如果您使用的是spring记住我令牌或自定义身份验证提供程序。
- When you are using encrypted passwords in your DB. 在数据库中使用加密密码时。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.