仿造的acegi threadlocal

相关文章:  

• 正确理解ThreadLocal
• ThreadLocal 与synchronized
• ThreadLocal and synchronized 补充

推荐圈子: JBPM @net
更多相关推荐

<script type="text/javascript"> new Draggable(&quot;related_topics&quot;); </script> 用过acegi的都知道acegi的用户登陆信息（用户id 角色）等放在threadLocal 中
下面是自己土制的threadLocal 比acegi的简单很多，更容易明白它的原理
用过OpenSessionInView的就不用看了，原理完全一样
下面给出关键代码

//安全上下文，保存用户登陆数据

public
 
class
 SecurityContext {

    
public
 
final
 
static
 String SECURITY_CONTEXT_KEY = 
"cn.lottery.sale.security.securityContext"
;

    
private
 Long userId;

    
private
 String username;

    
private
 List<String> roles = 
new
 ArrayList<String>();

}

//安全上下文，保存用户登陆数据
public class SecurityContext {
	public final static String SECURITY_CONTEXT_KEY = "cn.lottery.sale.security.securityContext";
	private Long userId;
	private String username;
	private List<String> roles = new ArrayList<String>();
}

LoginAction中的login方法

    
public
 String login(){

        SecurityContext sc = 
new
 SecurityContext();

        sc.setUsername(username);

        getRequest().getSession().setAttribute(SecurityContext.SECURITY_CONTEXT_KEY, sc);

        
return
 SUCCESS;

    }

LoginAction中的login方法
	public String login(){
		SecurityContext sc = new SecurityContext();
		sc.setUsername(username);
		getRequest().getSession().setAttribute(SecurityContext.SECURITY_CONTEXT_KEY, sc);
		return SUCCESS;
	}

//安全过滤器。绑定session中用户信息到threadLocal

public
 
class
 SecurityFilter 
implements
 Filter {

    
private
 
final
 
static
 Logger logger = LoggerFactory.getLogger(SecurityFilter.
class
);


    
public
 
void
 doFilter(ServletRequest request, ServletResponse response,

            FilterChain chain) 
throws
 IOException, ServletException {


        HttpServletRequest req = (HttpServletRequest)request;

        HttpSession session = req.getSession();


        
if
(session != 
null
){

            SecurityContext context = (SecurityContext)session.getAttribute(SecurityContext.SECURITY_CONTEXT_KEY);

            logger.debug(
"绑定用户信息到线程"
 + Thread.currentThread().getId());

            SecurityContextHolder.set(context);

        }

        
try
{

            chain.doFilter(request, response);

        }
finally
{

            logger.debug(
"删除绑定到当前线程的用户信息"
 + Thread.currentThread().getId());

            SecurityContextHolder.remove();

        }


    }

}

//安全过滤器。绑定session中用户信息到threadLocal

public class SecurityFilter implements Filter {
	private final static Logger logger = LoggerFactory.getLogger(SecurityFilter.class);
	
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		
		HttpServletRequest req = (HttpServletRequest)request;
		HttpSession session = req.getSession();
		
		if(session != null){
			SecurityContext context = (SecurityContext)session.getAttribute(SecurityContext.SECURITY_CONTEXT_KEY);
			logger.debug("绑定用户信息到线程" + Thread.currentThread().getId());
			SecurityContextHolder.set(context);
		}
		try{
			chain.doFilter(request, response);
		}finally{
			logger.debug("删除绑定到当前线程的用户信息" + Thread.currentThread().getId());
			SecurityContextHolder.remove();
		}
		
	}
}

//逻辑类

public
 
class
 LotteryManager {

    
private
 
final
 
static
 Logger logger = LoggerFactory.getLogger(LotteryManager.
class
);

    
private
 LotteryDAO lotteryDAO;


    
@Transactional
(readOnly = 
true
)

    
public
 List<Lottery> findLotteryByName(String lotteryName){

        logger.debug( SecurityContextHolder.get().getUsername() ); 
//看这儿啦 获取用户名。省去传递参数哪么麻烦

        
return
 lotteryDAO.findByProperty(
"shortName"
, lotteryName);

    }


}