我试图在用户主体对象中保存额外的数据。
我所做的是:
实现"UserDetails"接口到我现有的用户类,我的额外数据保存(如电子邮件地址等)。
@Entity
public class User implements UserDetails {
然后我创建了UserDetailsService实现:
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
UserDAO userDAO;
@Override
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException {
User user = userDAO.findOneByUsername(username);
if (user == null)
throw new UsernameNotFoundException("username " + username
+ " not found");
System.out.println("---------------------> FOUND ------------->"
+ user.getEmail());
return user;
}
}
最后一步是在Security配置中添加UserDetailsService。
@Configuration
@EnableWebMvcSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.userDetailsService(userDetailsService());
// ...
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.userDetailsService(userDetailsService());
// ...
}
@Override
protected UserDetailsService userDetailsService() {
return userDetailsService;
}
我在控制台中看到"loadUserByName"被调用两次(因为"Found"输出)。
当我试图访问主对象在我的控制器->
System.out.println(SecurityContextHolder.getContext()
.getAuthentication().getPrincipal());
我没有得到我的额外数据。当我试图将它强制转换为我的User对象时,我得到了一个不能强制转换的异常。
我错过了什么吗??
提前感谢。
好的。我的问题隐藏在我没有发布的代码中。
我认为这个detailsService只是为了获得额外的详细信息,但它是用于登录本身。
我额外配置了"jdbcAuthentication",spring似乎总是使用它。
现在我只配置了detailsService,一切都很好。
编辑。
所以我只需要删除这段代码:
auth.jdbcAuthentication() .dataSource(dataSource)
* .passwordEncoder(passwordEncoder) .usersByUsernameQuery(
// ....
现在它也适用于我的代码在上面的问题
创建扩展类:
public class CustomUserDetails extends org.springframework.security.core.userdetails.User{
private User user;
public CustomUserDetails(User user, Collection<? extends GrantedAuthority> authorities) {
super(user.getName(), user.getPassword(), authorities);
this.user = user;
}
public CustomUserDetails(User user, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities) {
super(user.getName(), user.getPassword(), enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
this.user = user;
}
public User getUser() {
return user;
}
}
然后添加到UserDetailsService:
@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {
public UserDetails loadUserByUsername(String login) throws UsernameNotFoundException, DataAccessException {
UserDetails userDetails = null;
User user = userService.getByLogin(login);
userDetails = new CustomUserDetails(user,
true, true, true, true,
getAuthorities(user.getRole()));
return userDetails;
}
得到它!
(CustomUserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()