问答博客资讯标签用户活动
logo极客观点logo项目管理logoHarmonyOS
javascript
前端
python
node.js
react
vue.js
php
laravel
go
人工智能
mysql
linux
ios
java
android
css
typescript
spring
程序员
logoONES 研发管理logo思否企业问答logo安谋科技 XPU

SPRING:将自定义用户详细信息添加到 spring 安全用户

社区维基
1
新手上路,请多包涵

我目前正在开发一个 Spring MVC 应用程序,我需要在登录时向我的 Spring Security 登录用户添加一个自定义字段(我插入用户名、密码、自定义值)。当用户登录时,该值需要在任何地方都可用(例如通过 pricipal.getValue)。

我阅读了很多关于自定义用户类和自定义服务的内容,但无法真正找到解决我问题的有效方法……

任何帮助都会很棒!

原文由 counter1602 发布,翻译遵循 CC BY-SA 4.0 许可协议

Stack Overflow 翻译javaspringspring-mvcspring-security
阅读 492
2 个回答
得票最新
社区维基
1
✓ 已被采纳

Just like Avinash said, you can make your User class implement UserDetails and you can also implement UserDetailsService and override corresponding methods to return the custom User 对象:

 @Service("userDetailsService")
public class MyUserDetailsService implements UserDetailsService {

    //get user from the database, via Hibernate
    @Autowired
    private UserDao userDao;

    @Transactional(readOnly=true)
    @Override
    public UserDetails loadUserByUsername(final String username)
        throws UsernameNotFoundException {
//CUSTOM USER HERE vvv
        User user = userDao.findByUserName(username);
        List<GrantedAuthority> authorities =
                                      buildUserAuthority(user.getUserRole());
//if you're implementing UserDetails you wouldn't need to call this method and instead return the User as it is
        //return buildUserForAuthentication(user, authorities);
return user;

    }

    // Converts user to spring.springframework.security.core.userdetails.User
    private User buildUserForAuthentication(user,
        List<GrantedAuthority> authorities) {
        return new User(user.getUsername(), user.getPassword(),
            user.isEnabled(), true, true, true, authorities);
    }

    private List<GrantedAuthority> buildUserAuthority(Set<UserRole> userRoles) {

        Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>();

        // add user's authorities
        for (UserRole userRole : userRoles) {
            setAuths.add(new SimpleGrantedAuthority(userRole.getRole()));
        }

        List<GrantedAuthority> Result = new ArrayList<GrantedAuthority>(setAuths);

        return Result;
    }

}

你只需配置你的 WebConfigurerAdapter 使用自定义 UserdetailsService

 @Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("userDetailsService")
UserDetailsService userDetailsService;

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}

@Override
protected void configure(HttpSecurity http) throws Exception {

    //authorization logic here ...
}

    @Bean
    public PasswordEncoder passwordEncoder(){
        // return preferred PasswordEncoder ...//
    }

}

在这里,自定义的示例 UserDetails 实现: 自定义 UserDetails

原文由 Daniel Arechiga 发布,翻译遵循 CC BY-SA 3.0 许可协议

社区维基
1

创建实现 UserDetails 接口的类。

 public class User implements UserDetails {
    // Your user properties
    // implement methods
}

然后,一旦通过身份验证,您就可以像这样在项目的任何地方访问这个对象。

 User user = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();

原文由 Avinash 发布,翻译遵循 CC BY-SA 3.0 许可协议

撰写回答
你尚未登录,登录后可以
  • 和开发者交流问题的细节
  • 关注并接收问题和回答的更新提醒
  • 参与内容的编辑和改进,让解决方法与时俱进
推荐问题