更新时间:2023-12-04 09:12:52
***的方法是实现接口 SAMLUserDetailsService
,它将自动存储您从身份验证
中的 loadUserBySAML
方法返回的对象>稍后可以从 SecurityContext.getContext()
查询的对象。每次身份验证后都会调用一次该接口。请参见手册了解详细信息和示例。
The best approach is to implement interface SAMLUserDetailsService
, which will automatically store object you return from its loadUserBySAML
method in the Authentication
object which you can later query from the SecurityContext.getContext()
. The interface is called once after each authentication. See the manual for details and examples.
另一种可能性是 AuthenticationSuccessHandler
。登录进程调用onAuthenticationSuccess方法,该方法可以访问 Authentication
对象,该对象将存储在SecurityContext.getContext()中。
The other possibility is AuthenticationSuccessHandler
. The login process calls method onAuthenticationSuccess which has access to the Authentication
object, which will be stored in the SecurityContext.getContext().
只需创建自己的类,实现接口 AuthenticationSuccessHandler
(您还可以扩展一些现有的类,例如 SimpleUrlAuthenticationSuccessHandler
或 AbstractAuthenticationTargetUrlRequestHandler
)。然后通过更改现有 successRedirectHandler
bean中的类,将实现插入 securityContext.xml
。
Simply create your own class which implements interface AuthenticationSuccessHandler
(you can also extend some of the existing classes, such as SimpleUrlAuthenticationSuccessHandler
or AbstractAuthenticationTargetUrlRequestHandler
). Then plug your implementation to the securityContext.xml
by changing class in the existing successRedirectHandler
bean.
问题是,身份验证
对象往往是不可变的 - 所以第一种方式可能更好。
The problem is, that the Authentication
object tends to be immutable - so the first way might be better.