如何使用 Spring Security 访问 Controller 中的用户详细信息? [英] How to access user details in Controller using Spring Security?

问题描述

我需要在 Controller 中访问当前登录的用户详细信息(ID 或电子邮件地址).这就是我现在正在尝试这样做的方式，但这是行不通的.

I need to access currently logged-in user details (id or email address) in Controller. This is how I am trying to do so right now, and this doesn't work.

ApplicationUser 是数据库中的 @Entity.

用户详细信息服务:

@Service
public class UserDetailsServiceImpl implements UserDetailsService {
    private ApplicationUserRepository applicationUserRepository;

    public UserDetailsServiceImpl(ApplicationUserRepository applicationUserRepository) {
        this.applicationUserRepository = applicationUserRepository;
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        ApplicationUser applicationUser = applicationUserRepository.findByUsername(username);
        if (applicationUser == null) {
            throw new UsernameNotFoundException(username);
        }
        return builtCustomUser(applicationUser);
    }

    private User builtCustomUser(ApplicationUser applicationUser) {
        String username = applicationUser.getUsername();
        String password = applicationUser.getPassword();
        boolean enabled = true;
        boolean accountNonExpired = true;
        boolean credentialsNonExpired = true;
        boolean accountNonLocked = true;

        MyUser myUser = new MyUser(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, emptyList());

        return myUser;
    }
}

自定义用户类:

public class MyUser extends User implements UserDetails {
    public MyUser(String username, String password, Collection<? extends GrantedAuthority> authorities) {
        super(username, password, authorities);
    }

    public MyUser(String username, String password, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired,
                  boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities) {
        super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
    }
}

这就是我试图在控制器中访问它的方式:

That's how I am trying to access it in Controller:

MyUser mu = (MyUser) authentication.getPrincipal();

这是错误:

java.lang.ClassCastException: class java.lang.String cannot be cast to class MyUser

推荐答案

在这个代码上，身份验证是UsernamePasswordAuthenticationToken，getPrincipal()的返回类型为String, 用户名.

On this code, actual type of Authentication is UsernamePasswordAuthenticationToken, and return type of getPrincipal() is String, username.

您可以将任何其他 Authentication 实现而不是 UsernamePasswordAuthenticationToken 设置为 Security>Context, 和也是免费的(因此您可以设置 MyUser).

You can set any other Authentication implementation instead of UsernamePasswordAuthenticationToken to SecurityContext, and principal type is free(so you can set MyUser), too.

这篇关于如何使用 Spring Security 访问 Controller 中的用户详细信息?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！