如何使用 Spring Security 访问 Controller 中的用户详细信息? [英] How to access user details in Controller using Spring Security?
问题描述
我需要在 Controller 中访问当前登录的用户详细信息(ID 或电子邮件地址).这就是我现在正在尝试这样做的方式,但这是行不通的.
I need to access currently logged-in user details (id or email address) in Controller. This is how I am trying to do so right now, and this doesn't work.
ApplicationUser
是数据库中的 @Entity
.
用户详细信息服务:
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
private ApplicationUserRepository applicationUserRepository;
public UserDetailsServiceImpl(ApplicationUserRepository applicationUserRepository) {
this.applicationUserRepository = applicationUserRepository;
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
ApplicationUser applicationUser = applicationUserRepository.findByUsername(username);
if (applicationUser == null) {
throw new UsernameNotFoundException(username);
}
return builtCustomUser(applicationUser);
}
private User builtCustomUser(ApplicationUser applicationUser) {
String username = applicationUser.getUsername();
String password = applicationUser.getPassword();
boolean enabled = true;
boolean accountNonExpired = true;
boolean credentialsNonExpired = true;
boolean accountNonLocked = true;
MyUser myUser = new MyUser(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, emptyList());
return myUser;
}
}
自定义用户类:
public class MyUser extends User implements UserDetails {
public MyUser(String username, String password, Collection<? extends GrantedAuthority> authorities) {
super(username, password, authorities);
}
public MyUser(String username, String password, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired,
boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities) {
super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
}
}
这就是我试图在控制器中访问它的方式:
That's how I am trying to access it in Controller:
MyUser mu = (MyUser) authentication.getPrincipal();
这是错误:
java.lang.ClassCastException: class java.lang.String cannot be cast to class MyUser
推荐答案
在这个代码上,身份验证
是UsernamePasswordAuthenticationToken
,getPrincipal()
的返回类型为String
, 用户名.
On this code, actual type of Authentication
is UsernamePasswordAuthenticationToken
, and return type of getPrincipal()
is String
, username.
您可以将任何其他 Authentication
实现而不是 UsernamePasswordAuthenticationToken
设置为 Security>Context, 和
也是免费的(因此您可以设置 MyUser
).
You can set any other Authentication
implementation instead of UsernamePasswordAuthenticationToken
to SecurityContext
, and principal type is free(so you can set MyUser
), too.
这篇关于如何使用 Spring Security 访问 Controller 中的用户详细信息?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!