我在我的web项目中使用SpringSecurity。我有实体用户,在数据库中保存。我需要在BD中使用用户的id来从这个BD中的其他表中获取任何信息。我如何在Spring Security中认证后从SecurityContextHolder中获得我的用户,而不是标准的Spring用户(此用户没有id) ?
@Entity
@Table(name = "users")
public class User{
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private int id;
@Column(name = "name")
private String name;
@Column(name = "login")
private String login;
@Column(name = "password")
private String password;
+ getters and setters
p。抱歉我的英语不好
您将在另一个类中实现UserDetailsService接口和UserDetails接口。例如:
CustomUserDetailsService:
@Service("customUserDetailsService")
public class CustomUserDetailsService implements UserDetailsService {
// your UserRepository for your user
private final UserRepository userRepository;
@Autowired
public CustomUserDetailsService(UserRepository userRepository) {
this.userRepository = userRepository;
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userRepository.findByUsername(username);
if (null == user || ! user.getUsername().equals(username)) {
throw new UsernameNotFoundException("No user present with username: " + username);
} else {
return new CustomUserDetails(user);
}
}
}
CustomUserDetails:
// You want to extend your User class here
public class CustomUserDetails extends User implements UserDetails {
private static final long serialVersionUID = 1L;
private Users user;
public CustomUserDetails(User user) {
super(user);
this.user = user;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
// You don't talk about UserRoles, so return ADMIN for everybody or implement roles.
return AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_ADMIN");
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
// just for example
return this.user.getActive() == true;
}
@Override
public String getUsername() {
return this.user.getUsername();
}
@Override
public String getPassword() {
return this.user.getPassword();
}
// Just an example to put some addititional Data to your logged in user
public String getUserDatabase() {
return "usertable" + Integer.toString(1 + this.user.getUserId());
}
}
在User类中,为hibernate创建一个空构造函数,并使用User实例:
@Entity
@Table(name = "users")
public class User{
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private int id;
@Column(name = "name")
private String name;
@Column(name = "login")
private String login;
@Column(name = "password")
private String password;
public User() {}
public User(User user) {
this.id = user.getId();
this.name = user.getName();
// … the same for all properties.
}
}
在您的WebSecurityConfig中,@Autowire和CustomUserDetailsService并将其注入认证流:
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
private final
UserDetailsService service;
@Autowired
public WebSecurityConfig(UserDetailsService service) {
this.service = service;
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(service).passwordEncoder(passwordEncoder());
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
//left out because not related here
}
}
就是这样。现在,您可以使用以下命令将经过身份验证的主体强制转换为每个控制器或提供程序中的CustomUserDetails:
CustomUserDetails userDetails =
(CustomUserDetails) SecurityContextHolder
.getContext()
.getAuthentication()
.getPrincipal();