如何在Spring SecuritySpringMVC中手动设置经过身份验证的用户

如何在Spring Security / SpringMVC中手动设置经过身份验证的用户

不久前，我和您有同样的问题。我不记得详细信息，但是以下代码对我有用。该代码在Spring
Webflow流中使用，因此在RequestContext和ExternalContext类中使用。但是与您最相关的部分是doAutoLogin方法。

public String registerUser(UserRegistrationFormBean userRegistrationFormBean,     RequestContext requestContext,     ExternalContext externalContext) {    try {        Locale userLocale = requestContext.getExternalContext().getLocale();        this.userService.createNewUser(userRegistrationFormBean, userLocale, Constants.SYSTEM_USER_ID);        String emailAddress = userRegistrationFormBean.getChooseEmailAddressFormBean().getEmailAddress();        String password = userRegistrationFormBean.getChoosePasswordFormBean().getPassword();        doAutoLogin(emailAddress, password, (HttpServletRequest) externalContext.getNativeRequest());        return "success";    } catch (EmailAddressNotUniqueException e) {        MessageResolver messageResolvable      = new MessageBuilder().error()     .source(UserRegistrationFormBean.PROPERTYNAME_EMAIL_ADDRESS)     .pre("userRegistration.emailAddress.not.unique")     .build();        requestContext.getMessageContext().addMessage(messageResolvable);        return "error";    }}private void doAutoLogin(String username, String password, HttpServletRequest request) {    try {        // Must be called from request filtered by Spring Security, otherwise SecurityContextHolder is not updated        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);        token.setDetails(new WebAuthenticationDetails(request));        Authentication authentication = this.authenticationProvider.authenticate(token);        logger.debug("Logging in with [{}]", authentication.getPrincipal());        SecurityContextHolder.getContext().setAuthentication(authentication);    } catch (Exception e) {        SecurityContextHolder.getContext().setAuthentication(null);        logger.error("Failure in autoLogin", e);    }}