如何使用Spring Security 3.1更改当前用户的登录名? [英] How to change the login name for the current user with Spring Security 3.1?
问题描述
我要求每个用户在登录时都可以更改自己的用户名。问题是如何在Spring Security中更新用户名( Principal ) ■身份验证令牌?
I have the requirement that every user can change his own user name while he stays logged in. The problem is how to update the username (Principal) in Spring Security`s Authentication Token?
(我必须更新它,因为我使用身份验证令牌中的原始名称来识别某些业务用例中的用户。)
我使用基于表单和cookie记忆我的登录,所以我的身份验证令牌是 UsernamePaswordAuthenticationToken 和 RememberMeAuthenticationToken 。两者都有一个字段 principal ,其中存储了登录名。不幸的是,这个变量是 final ,所以我无法改变它的价值。
I use form based and cookie rememeber me based login so my Authentication Tokens are UsernamePaswordAuthenticationToken and RememberMeAuthenticationToken. Both have a field principal where the login name is stored. Unfortunately this variable is final, so I can not change its value.
有没有人有个主意Spring Security如何建议更改身份验证令牌中的 Principal ?
Does anybody has an idea how Spring Security recomends to change the Principal in the Authentication Token?
我的当前workarround是我替换 UsernamePaswordAuthenticationToken 和 RememberMeAuthenticationToken ,其子类具有额外的非最终主要字段并覆盖 getPrincipal()返回此附加主体而不是原始主体的方法。然后我还将生成此标记的两个类子类化,以创建我的标记而不是原始标记。 ---但我觉得这是个大黑客。
My current workarround is that I replaced the UsernamePaswordAuthenticationToken and RememberMeAuthenticationToken with subclasses that have an additional not final principal field and override the getPrincipal() method to return this additional principal instead of the original one. Then I have also subclassed the two classes that generate this tokens to create my tokens instead of the original one. --- But I feel that this is a big hack.
推荐答案
为什么选择令牌 ie 身份验证子类?不是 Authentication.getPrincipal()在你的情况下返回 UserDetails 的实例?
Why go with token i.e. Authentication subclasses? Doesn't Authentication.getPrincipal() return an instance of UserDetails in your case?
如果您提供了自己的 UserDetails 实现(一个带有 setUsername()方法)如果我能正确理解你的情况,那么在认证你是免费的。
If you supplied your own UserDetails implementation (one with a setUsername() method) while authenticating you're home free if I understand your case correctly.
这篇关于如何使用Spring Security 3.1更改当前用户的登录名?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
