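// Authenticate the submitted username/password against the stored account and,
// on success, bind the resulting Spring Security context to a fresh HTTP session.
// Inputs `username` and `password` come from the login request and are untrusted.
// A missing account and a wrong password follow the same (silent) path: no
// authentication is set and the session is left untouched.
UserDetails userDetails = accountDao.getAccountByLoginName(username);
// Verify the password through the encoder instead of re-encoding and calling
// String.equals on the hashes; salt is null, matching how the hash was stored.
// The null check guards the NPE the lookup would otherwise cause for unknown users.
if (userDetails != null
        && passwordEncoder.isPasswordValid(userDetails.getPassword(), password, null)) {
    Authentication authentication = new UsernamePasswordAuthenticationToken(
            userDetails, userDetails.getPassword(), userDetails.getAuthorities());
    // Spring Security: store the authorities and user information in the SecurityContext
    SecurityContext securityContext = SecurityContextHolder.getContext();
    securityContext.setAuthentication(authentication);
    ActionContext ctx = ActionContext.getContext();
    HttpServletRequest request = (HttpServletRequest) ctx.get(ServletActionContext.HTTP_REQUEST);
    // Session-fixation defence: discard any session that existed before the
    // credentials were verified so the authenticated context is stored only in
    // a newly issued session (and session id).
    HttpSession preLoginSession = request.getSession(false);
    if (preLoginSession != null) {
        preLoginSession.invalidate();
    }
    HttpSession session = request.getSession(true);
    HttpServletResponse response = (HttpServletResponse) ctx.get(ServletActionContext.HTTP_RESPONSE);
    response.setHeader("P3P", "CP=CAO PSA OUR"); // so ajax requests keep the session
    session.setAttribute("SPRING_SECURITY_CONTEXT", securityContext); // place the user information in the session
}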