SPRING:将自定义用户详细信息添加到 spring 安全用户 [英] SPRING: Add custom user details to spring security user

问题描述

我目前正在开发一个 Spring MVC 应用程序，我需要在登录时为我的 Spring Security 登录用户添加一个自定义字段(我插入用户名、密码、自定义值).当用户登录时，该值需要在任何地方都可用(例如，通过 pricipal.getValue).

I'm currently working on a Spring MVC application and I need to add a custom field to my Spring Security log-in user right when I log in (I insert username, password, custom value). This value needs to be available on everywhere when the user is logged in (e.g. via pricipal.getValue).

我阅读了很多关于自定义用户类和自定义服务的内容，但无法真正为我的问题找到可行的解决方案...

I read a lot about custom user classes and custom services, but can't really find a working solution for my problem...

任何帮助都会很棒！

推荐答案

就像 Avinash 说的，你可以让你的 User 类实现 UserDetails ，你也可以实现 UserDetailsS​​ervice 并覆盖相应的方法以返回自定义的User 对象:

Just like Avinash said, you can make your User class implement UserDetails and you can also implement UserDetailsService and override corresponding methods to return the custom User object:

@Service("userDetailsService")
public class MyUserDetailsService implements UserDetailsService {

    //get user from the database, via Hibernate
    @Autowired
    private UserDao userDao;

    @Transactional(readOnly=true)
    @Override
    public UserDetails loadUserByUsername(final String username)
        throws UsernameNotFoundException {
//CUSTOM USER HERE vvv
        User user = userDao.findByUserName(username);
        List<GrantedAuthority> authorities =
                                      buildUserAuthority(user.getUserRole());
//if you're implementing UserDetails you wouldn't need to call this method and instead return the User as it is
        //return buildUserForAuthentication(user, authorities);
return user;

    }

    // Converts user to spring.springframework.security.core.userdetails.User
    private User buildUserForAuthentication(user,
        List<GrantedAuthority> authorities) {
        return new User(user.getUsername(), user.getPassword(),
            user.isEnabled(), true, true, true, authorities);
    }

    private List<GrantedAuthority> buildUserAuthority(Set<UserRole> userRoles) {

        Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>();

        // add user's authorities
        for (UserRole userRole : userRoles) {
            setAuths.add(new SimpleGrantedAuthority(userRole.getRole()));
        }

        List<GrantedAuthority> Result = new ArrayList<GrantedAuthority>(setAuths);

        return Result;
    }

}

您只需使用自定义 UserdetailsS​​ervice 配置您的 WebConfigurerAdapter :

And you just configure your WebConfigurerAdapter using the custom UserdetailsService :

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("userDetailsService")
UserDetailsService userDetailsService;

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}

@Override
protected void configure(HttpSecurity http) throws Exception {

    //authorization logic here ...
}

    @Bean
    public PasswordEncoder passwordEncoder(){
        // return preferred PasswordEncoder ...//
    }


}

这里是自定义 UserDetails 实现的示例:自定义用户详细信息

Here, a sample of a custom UserDetails implementation: custom UserDetails

这篇关于SPRING:将自定义用户详细信息添加到 spring 安全用户的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！