I am unable to find how the java.security.Principal in HttpServletRequest is created - who is responsible? How it is done? Is it necessarily kept in Session?
How it is connected to Spring Security?
Are there any alternatives to Spring Security which uses Principal for User authorization/authentication?
How would one implement own user authorization/authentication so that Principal would contain the current user?
可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
回答1:
- typically, Principal object putting in the session after successful login.See documentation.
- Springs
Authenticationinterface extendsPrincipalinterface - Alternatively you can use Apache Shiro
- Implement own
UserDetailsServicewhich wil return your User object(it must implement UserDetails interface) See docs.
回答2:
The Principal will be set by Spring Security based upon your Spring Security configuration.
To implement this, please see http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity.html
![Prime Path[POJ3126] [SPFA/BFS]](https://oscimg.oschina.net/oscnet/e1200f32e838bf1d387d671dc8e6894c37d.jpg "Prime Path[POJ3126] [SPFA/BFS]")
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 神经病院院长 的文章《java.security.Principal - creation in HttpServletR》','https://www.manongdao.com/article-1016450.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}