Getting Started with User Authentication
References
- Spring Security official documentation: https://docs.spring.io/spring-security/reference/servlet/authentication/architecture.html
- Chinese documentation: https://springdoc.cn/spring-security/servlet/authentication/architecture.html
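1. SecurityContextHolder

At the heart of Spring Security's authentication model is the SecurityContextHolder. It contains the SecurityContext.
The SecurityContextHolder is where Spring Security stores the details of who is authenticated. Spring Security does not care how the SecurityContextHolder is populated. If it contains a value, that value is used as the currently authenticated user.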
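Example
```java
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.Collection;
import java.util.HashMap;
import java.util.Map;

@RestController
@RequestMapping("/security")
public class SecurityController {
    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityController.class);

    @GetMapping("/context")
    public Map<String, Object> index() {
        SecurityContext context = SecurityContextHolder.getContext(); // context that stores the authentication object
        Authentication authentication = context.getAuthentication(); // authentication object
        String username = authentication.getName(); // username
        Object principal = authentication.getPrincipal(); // principal (identity)
        Object credentials = authentication.getCredentials(); // credentials (sanitized)
        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); // granted authorities
        LOGGER.info("username:{},principal:{},credentials:{},authorities:{}", username, principal, credentials, authorities);
        // Build the result object
        Map<String, Object> result = new HashMap<>();
        result.put("code", 0);
        result.put("data", username);
        result.put("principal", principal);
        result.put("credentials", credentials);
        result.put("authorities", authorities);
        return result;
    }
}
```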
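The statement that Spring Security does not care how the SecurityContextHolder is populated can be checked by filling it by hand. The following is an added example, not code from the original page: the class name, the user "alice" and ROLE_USER are constructed values, and it assumes spring-security-core on the classpath with the default thread-local holder strategy.

```java
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

import java.util.concurrent.atomic.AtomicReference;

public class SecurityContextHolderDemo {

    // Populate the holder by hand; "alice", "secret" and ROLE_USER are constructed sample values.
    static void login() {
        // Start from a fresh context instead of mutating getContext(),
        // so no other code holding the old context sees a half-updated state.
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        Authentication auth = new TestingAuthenticationToken("alice", "secret", "ROLE_USER");
        context.setAuthentication(auth);
        SecurityContextHolder.setContext(context);
    }

    // Returns the name of the current user, or null when the holder has no authentication.
    static String currentUser() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        return auth == null ? null : auth.getName();
    }

    public static void main(String[] args) throws InterruptedException {
        login();
        System.out.println("same thread:  " + currentUser());

        // Default strategy is MODE_THREADLOCAL: a new thread starts with an empty context,
        // so the identity set above is not visible there.
        AtomicReference<String> seen = new AtomicReference<>();
        Thread worker = new Thread(() -> seen.set(currentUser()));
        worker.start();
        worker.join();
        System.out.println("other thread: " + seen.get());

        // Clear the holder when the work is done, so a reused (pooled) thread
        // does not carry this identity into the next task.
        SecurityContextHolder.clearContext();
        System.out.println("after clear:  " + currentUser());
    }
}
```

Any code that sets the holder itself is also responsible for clearing it; a value left behind is treated as the current user by whatever runs next on that thread.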
