在Spring Security 3.1中,UserDetails getPassword返回null.如何获取当前登录用户的密码? [英] UserDetails getPassword returns null in spring security 3.1. How to get password of currently logged in user?
问题描述
我已经使用Spring Security实现了更改密码功能,但是[[UserDetails)主体).getPassword())为登录用户返回null.
I have implemented change password functionality using spring security but ((UserDetails) principal).getPassword()) is returning null for logged in user.
如果我没记错的话,这在3.0以前就可以使用.在3.1中是否进行了更改,以便无法获取已登录用户的当前密码?
If I remember correctly, this used to work earlier in 3.0. Was this changed in 3.1 so that the current password of the logged in user cannot be retrieved?
在下面的代码中,我正在检查从网页输入的用户密码中的当前密码.然后,我正在检查登录用户的密码是否与键入的密码匹配.如果是这样,那么我想将oldPasswordMatchNewPassword设置为true.
In the below code I am checking the current password typed in user password from the web page. I am then checking if the logged in user's password matches the typed in password. If it does then I want to set oldPasswordMatchNewPassword = true.
如何实现此功能?
@RequestMapping(value = "/account/changePassword.do", method = RequestMethod.POST)
public String submitChangePasswordPage(
@RequestParam("oldpassword") String oldPassword,
@RequestParam("password") String newPassword) {
Object principal = SecurityContextHolder.getContext()
.getAuthentication().getPrincipal();
String username = principal.toString();
if (principal instanceof UserDetails) {
username = ((UserDetails) principal).getUsername();
System.out.println("username: " + username);
System.out.println("password: "
+ ((UserDetails) principal).getPassword());
if (((UserDetails) principal).getPassword() != null) {
if (((UserDetails) principal).getPassword().equals(oldPassword)) {
oldPasswordMatchNewPassword = true;
}
}
}
if (oldPasswordMatchNewPassword == true) {
logger.info("Old password matches new password. Password will be updated.");
changePasswordDao.changePassword(username, newPassword);
SecurityContextHolder.clearContext();
return "redirect:home.do";
} else {
logger.info("Old password did not match new password. Password will be not be updated.");
return null;
}
}
我放了几个sysout(),以便可以看到返回的值. 对于((UserDetails)主体).getUsername()我可以看到正确的登录用户. ((UserDetails)主体).getPassword()返回空值.
I put a couple of sysout()s so that I can see the values returned. For ((UserDetails) principal).getUsername() I can see the correct logged in user. ((UserDetails) principal).getPassword() it is returning null.
如何获取((UserDetails)主体).getPassword()此值?
How do I get ((UserDetails) principal).getPassword() this value?
提前谢谢!
推荐答案
我使用了这段代码(erase-credentials ="false")来解决此问题.我不知道这是否是一种优雅的解决方案,但它解决了我的问题:
I used this block of code (erase-credentials="false") to fix this. I do not know if this is an elegant solution but it fixed my problem:
<authentication-manager alias="authenticationManager" erase-credentials="false">
<!-- authentication-provider user-service-ref="userService" -->
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource" />
</authentication-provider>
</authentication-manager>
这篇关于在Spring Security 3.1中,UserDetails getPassword返回null.如何获取当前登录用户的密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!