Adding additional details to the principal object stored in the Spring Security context


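I am using Spring 3.0 and Spring Security 3. I am able to authenticate a user against a database using Spring Security. Using:

 SecurityContextHolder.getContext().getAuthentication().getPrincipal()

I am able to retrieve the username of the currently logged-in user. I wish to add additional details, such as user ID and module access, to the principal object stored in the Spring Security context so that I can retrieve them later. How can I add additional details to the principal object, and then how do I retrieve them in a JSP or a Java class? Please provide an appropriate code snippet if possible.

Edit: I am using JDBC to access my database.

Thanks in advance.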

Originally posted by ManeetK; translation licensed under CC BY-SA 4.0

2 answers

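To add more details to the authenticated user, you first need to create your own implementation of the User object, which should extend the Spring Security User object. After that, you can add the properties you want to add to the authenticated user. Once this is done, you need to return your implementation of the user object in UserDetailsService (if you are not using LDAP for authentication). This link provides the details for adding more details to the authenticated user: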

http://javahotpot.blogspot.com/2013/12/spring-security-adding-more-information.html

Originally posted by Yogen; translation licensed under CC BY-SA 4.0

Here is what you need:

  1. Extend the Spring User (org.springframework.security.core.userdetails.User) class and add whatever properties you need.
  2. Extend the Spring UserDetailsService (org.springframework.security.core.userdetails.UserDetailsService) and fill the above object. Override loadUserByUsername and return your extended user class.
  3. Set your custom UserDetailsService in the AuthenticationManagerBuilder.

For example:

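import java.util.Collection;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;

public class CurrentUser extends User {

    // Extra attributes carried on the principal
    private String firstName;
    private String lastName;

    // This constructor is a must
    public CurrentUser(String username, String password, boolean enabled, boolean accountNonExpired,
            boolean credentialsNonExpired, boolean accountNonLocked,
            Collection<? extends GrantedAuthority> authorities) {
        super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
    }

    // Setters and getters are required
    public String getFirstName() { return firstName; }
    public void setFirstName(String firstName) { this.firstName = firstName; }
    public String getLastName() { return lastName; }
    public void setLastName(String lastName) { this.lastName = lastName; }
}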

The custom user details could be:

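import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service("userDetailsService")
public class CustomUserDetailsService implements UserDetailsService {

    // DAO used below; the type name UserDao is assumed, the answer only shows the userDao variable in use.
    // UserRole is the application's own role entity.
    @Autowired
    private UserDao userDao;

    @Override
    public UserDetails loadUserByUsername(final String username) throws UsernameNotFoundException {

        // Try to find the user and its roles, for example here we try to get it from the database via a DAO object.
        // Do not confuse this foo.bar.User with CurrentUser or the Spring User; this is a temporary object
        // which holds the user info stored in the database.
        foo.bar.User user = userDao.findByUserName(username);

        // The UserDetailsService contract forbids returning null: signal an unknown user with the exception.
        if (user == null) {
            throw new UsernameNotFoundException("User not found: " + username);
        }

        // Build the user's authorities: convert your custom roles from the database to Spring GrantedAuthority
        List<GrantedAuthority> authorities = buildUserAuthority(user.getUserRole());

        // The magic happens in this private method!
        return buildUserForAuthentication(user, authorities);
    }

    // Fill your extended User object (CurrentUser) here and return it
    private User buildUserForAuthentication(foo.bar.User user,
            List<GrantedAuthority> authorities) {
        String username = user.getUsername();
        String password = user.getPassword();
        boolean enabled = true;
        boolean accountNonExpired = true;
        boolean credentialsNonExpired = true;
        boolean accountNonLocked = true;

        return new CurrentUser(username, password, enabled, accountNonExpired, credentialsNonExpired,
                accountNonLocked, authorities);
        // If your database has more information about the user, for example firstname,... you can fill it here
        // CurrentUser currentUser = new CurrentUser(....)
        // currentUser.setFirstName( user.getfirstName() );
        // .....
        // return currentUser ;
    }

    private List<GrantedAuthority> buildUserAuthority(Set<UserRole> userRoles) {

        Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>();

        // Build the user's authorities
        for (UserRole userRole : userRoles) {
            setAuths.add(new SimpleGrantedAuthority(userRole.getRole()));
        }

        return new ArrayList<GrantedAuthority>(setAuths);
    }

}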

Configure the Spring Security context

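import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;

@Configuration
@EnableWebSecurity
@PropertySource("classpath://configs.properties")
public class SecurityContextConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    @Qualifier("userDetailsService")
    private UserDetailsService userDetailsService;

    // Register the custom UserDetailsService so authentication produces a CurrentUser principal
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }
}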

Everything is done!

You can call (CurrentUser) getAuthentication().getPrincipal() to get your new CurrentUser or set some properties.

Originally posted by Alireza Fattahi; translation licensed under CC BY-SA 3.0
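
As an added example (not code from either answer), here is a null-safe way to read the custom principal from a Java class instead of casting getPrincipal() directly, which fails for anonymous requests and for principals built by another provider. CurrentUserHolder is a hypothetical helper name; CurrentUser is the class from the answer above.

```java
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical helper (name chosen for this example) around the CurrentUser principal.
public final class CurrentUserHolder {

    private CurrentUserHolder() { }

    /** Returns the logged-in CurrentUser, or null when no such principal is present. */
    public static CurrentUser get() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        // No Authentication at all, e.g. a background thread or a request
        // that did not pass through the Spring Security filter chain.
        if (auth == null || !auth.isAuthenticated()) {
            return null;
        }

        // Anonymous requests carry the String "anonymousUser" as principal,
        // so a blind cast would throw ClassCastException.
        if (auth instanceof AnonymousAuthenticationToken) {
            return null;
        }

        // Another AuthenticationProvider (LDAP, for instance) may supply a
        // different principal type, so check before casting.
        Object principal = auth.getPrincipal();
        return (principal instanceof CurrentUser) ? (CurrentUser) principal : null;
    }

    /** Same lookup for code paths that must not run without a user: fails closed. */
    public static CurrentUser require() {
        CurrentUser user = get();
        if (user == null) {
            throw new AuthenticationCredentialsNotFoundException(
                    "No CurrentUser in the security context");
        }
        return user;
    }
}
```

In a JSP the same properties can be read with the Spring Security taglib, for example <sec:authentication property="principal.firstName" />, which relies on the getter. The principal is built once at login and kept with the session, so values such as module access reflect the database as of login until the user authenticates again.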
