在我的应用程序中,我们正在捕获每笔交易的用户详细信息SecurityContextHolder
认证对象。
但它给出了错误UserID
它似乎。以下是代码片段供您参考。
安全上下文.xml
弹簧安全-3.2 --
<security:http auto-config="true">
<!-- Restrict URLs based on role -->
<security:headers>
<security:cache-control/>
<security:content-type-options/>
<security:frame-options policy="DENY"/>
<security:xss-protection/>
</security:headers>
<security:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/logoutSuccess*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/resources/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/web/forgotPwd/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/web/**" access="ROLE_USER" />
<security:form-login login-page="/login.html" default-target-url="/web/landing/homePage.html"
always-use-default-target="true" authentication-failure-handler-ref="exceptionTranslationFilter" />
<security:logout delete-cookies="JSESSIONID" invalidate-session="true"
logout-success-url="/logout.html" />
<security:session-management session-fixation-protection="newSession" invalid-session-url="/login.html?login_error=sessionexpired" session-authentication-error-url="/login.html?login_error=alreadyLogin">
<security:concurrency-control max-sessions="1" expired-url="/login.html?login_error=duplicateOrsessionexpired" error-if-maximum-exceeded="false" />
</security:session-management>
<security:csrf />
<security:remember-me token-repository-ref="remembermeTokenRepository" key="myAppKey"/>
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider user-service-ref="userDetailsServiceImpl">
<security:password-encoder ref="passwordEncoder" />
</security:authentication-provider>
</security:authentication-manager>
<bean id="rememberMeServices"
class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices">
<constructor-arg value="myAppKey" />
<constructor-arg ref="userDetailsServiceImpl" />
<constructor-arg ref="remembermeTokenRepository" />
<property name="alwaysRemember" value="true" />
<property name="useSecureCookie" value="true" />
</bean>
<bean id="rememberMeFilter"
class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
<property name="rememberMeServices" ref="rememberMeServices" />
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<bean id="rememberMeAuthenticationProvider"
class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
<property name="key" value="myAppKey" />
</bean>
<bean id="exceptionTranslationFilter"
class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
<property name="exceptionMappings">
<props>
<prop key="org.springframework.security.authentication.BadCredentialsException">
/login.html?login_error=BadCredentials
</prop>
<prop key="org.springframework.security.authentication.CredentialsExpiredException">
/login.html?login_error=CredentialsExpired
</prop>
<prop key="org.springframework.security.authentication.LockedException">
/loginModule/loginfailed.do??errorMessage=Locked
</prop>
<prop key="org.springframework.secuirty.authentication.DisabledException">
/login.html?login_error=Disabled
</prop>
</props>
</property>
</bean>
<bean id="passwordEncoder" class="org.jasypt.springsecurity3.authentication.encoding.PBEPasswordEncoder">
<property name="pbeStringEncryptor">
<ref bean="defaultStringEncryptor" />
</property>
</bean>
Code:
public static String getId() {
Authentication auth = curityContextHolder.getContext().getAuthentication();
if (auth != null) {
Object principal = auth.getPrincipal();
if (principal instanceof UserWithId) {
return ((UserWithId) principal).getUserid();
}
}
return null;
}
任何帮助,将不胜感激。提前致谢
Update:
发生的场景是:
用户登录并执行一些事务 101: 对于事务 101:userId
from SecurityContextHolder
是用户A
同时,用户登录到其他会话并执行一些事务 103:对于事务 103:userId
from SecurityContextHolder
是用户B
UserA 再次执行一些 transaction106: 对于 transaction106:userId
from SecurityContextHolder
使用而不是 UserS
None
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)