2 xiaoy81 xiaoy81 于 2016.03.01 20:50 提问

SpringSecurity缓存问题

Security在securityContextPersistenceFilter这个过滤器中把SecurityContextHolder清除了,

finally {

//先从SecurityContextHolder获取SecurityContext实例

SecurityContext contextAfterChainExecution = SecurityContextHolder.getContext();

// Crucial removal of SecurityContextHolder contents - do this before anything else.

//再把SecurityContext实例从SecurityContextHolder中清空

SecurityContextHolder.clearContext();

//将SecurityContext实例持久化到session中

repo.saveContext(contextAfterChainExecution, holder.getRequest(), holder.getResponse());

request.removeAttribute(FILTER_APPLIED);

if (debug) {

logger.debug("SecurityContextHolder now cleared, as request processing completed");

}

}

而在sec:authorize标签鉴权时,还是使用Authentication auth = SecurityContextHolder.getContext().getAuthentication();这样获取的值为null,标签无法使用,这个问题怎么解决,框架这么做不合理啊。

1个回答

devmiao
devmiao   Ds   Rxr 2016.03.01 21:42
Csdn user default icon
上传中...
上传图片
插入图片
准确详细的回答,更有利于被提问者采纳,从而获得C币。复制、灌水、广告等回答会被删除,是时候展现真正的技术了!