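// Manual login: look up the account, verify the submitted password, and on
// success publish the Authentication to Spring Security and the HTTP session.
UserDetails userDetails = accountDao.getAccountByLoginName(username);
// Hash the submitted password. A null salt means no salt is mixed in.
// NOTE(review): with a null salt, identical passwords yield identical stored
// values; a per-user salt or an adaptive scheme (bcrypt/scrypt/argon2) is the
// safer choice. Confirm what passwordEncoder is configured as.
// The hash is computed before the account is inspected so that the same work
// is done whether or not the login name exists.
String encodedPassword = passwordEncoder.encodePassword(password, null);
// The DAO result is not checked anywhere else in this snippet; treat a missing
// account or a missing stored password as a failed login instead of an NPE.
String storedPassword = (userDetails == null) ? null : userDetails.getPassword();
java.nio.charset.Charset utf8 = java.nio.charset.Charset.forName("UTF-8");
// MessageDigest.isEqual compares in constant time; String.equals stops at the
// first differing character.
boolean passwordMatches = storedPassword != null
        && encodedPassword != null
        && java.security.MessageDigest.isEqual(
                storedPassword.getBytes(utf8), encodedPassword.getBytes(utf8));
if (passwordMatches) {
    // NOTE(review): the stored password value is passed as the token's
    // credentials and therefore ends up in the session along with the
    // context; consider clearing credentials once authentication succeeds.
    Authentication authentication = new UsernamePasswordAuthenticationToken(
            userDetails, userDetails.getPassword(), userDetails.getAuthorities());
    // Spring Security: store the authorities and user information in the SecurityContext.
    SecurityContext securityContext = SecurityContextHolder.getContext();
    securityContext.setAuthentication(authentication);
    ActionContext ctx = ActionContext.getContext();
    HttpServletRequest request = (HttpServletRequest) ctx.get(ServletActionContext.HTTP_REQUEST);
    // NOTE(review): getSession(true) reuses a session that existed before
    // login, so the session id is not rotated here. Rotating it at this point
    // is the usual session-fixation defence; confirm whether a filter or the
    // container already does that for this login path.
    HttpSession session = request.getSession(true);
    HttpServletResponse response = (HttpServletResponse) ctx.get(ServletActionContext.HTTP_RESPONSE);
    // P3P compact policy header; per the original author it lets AJAX requests keep the session.
    response.setHeader("P3P", "CP=CAO PSA OUR");
    // Put the security context (user information) into the session.
    session.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
}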
转载于:https://blog.51cto.com/libangsen/1320120