【发布时间】:2020-06-05 08:36:13
【问题描述】:
我已经实现了自定义 AuthenticationProvider:
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
String name = authentication.getName();
String password = authentication.getCredentials().toString();
List<GrantedAuthority> grantedAuths = new ArrayList<>();
grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
return new PassthroughAuthentication(name, password, grantedAuths);
}
直通身份验证:
public class PassthroughAuthentication implements Authentication {
private static final long serialVersionUID = 1L;
private String username;
private boolean authenticated;
private Object password;
private List<GrantedAuthority> grantedAuthorities;
public PassthroughAuthentication(String username, String password, List<GrantedAuthority> grantedAuthorities){
super();
this.username = username;
this.password = password;
this.grantedAuthorities = grantedAuthorities;
}
@Override
public String getName() {
return this.username;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return this.grantedAuthorities;
}
@Override
public Object getCredentials() {
return this.password;
}
@Override
public Object getDetails() {
return null;
}
@Override
public Object getPrincipal() {
return new User(username, password.toString(), grantedAuthorities );
}
@Override
public boolean isAuthenticated() {
return authenticated;
}
@Override
public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
this.authenticated = isAuthenticated;
}
}
而且我可以使用 VisualVM 看到每个请求的 PassthroughAuthentication 对象都保留在内存中,并且永远不会被 GC 处理。
但我的请求是无状态的,并且我已禁用会话管理。
什么可以举办这个课程?
【问题讨论】:
-
这个 PassthroughAuthentication 是什么?您是否尝试过使用 UsernamePasswordAuthenticationToken?
-
@FaustoCarvalhoMarquesSilva 这是我的自定义类,我已经用代码更新了问题。
标签: java spring spring-security memory-leaks