Spring Security @AuthenticationPrincipal [英] Spring Security @AuthenticationPrincipal
问题描述
我一直在尝试让@AuthenticationPrincipal与自定义User类一起正常使用.不幸的是,用户始终为空.这是代码:
I've been trying to get @AuthenticationPrincipal to work properly with a custom User class. Unfortunately, the user is always null. Here's the code:
控制器
@RequestMapping(value = "/", method = RequestMethod.GET)
public ModelAndView index(@AuthenticationPrincipal User user) {
ModelAndView mav= new ModelAndView("/web/index");
mav.addObject("user", user);
return mav;
}
安全配置
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
CustomUserDetailsService customUserDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(customUserDetailsService).passwordEncoder(passwordEncoder());
}
}
CustomUserDetailsService
@Component
public class CustomUserDetailsService implements UserDetailsService {
@Autowired
UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
// Spring Data findByXY function
return userRepository.findByUsername(username);
}
用户实体
public class User implements UserDetails{
private String username;
private String password;
private Collection<Authority> authorities;
// Getters and Setters
}
权威实体
public class Authority implements GrantedAuthority{
private User user;
private String role;
// Getters and Setters
@Override
public String getAuthority() {
return this.getRole();
}
}
我尝试了各种解决方案,例如在网上找到的像这样转换我的自定义用户对象:
I've tried various solutions to this I found online, e.g. converting my custom user object like this:
return new org.springframework.security.core.userdetails.User(user.getLogin(), user.getPassword(), true, true, true, true, authorities);
获取活动用户的其他方法都没有问题,但是我发现@AuthenticationProvider CustomUserObject是最干净的方法,这就是为什么我想使其正常工作.任何帮助,我们将不胜感激.
The other ways to get the active users are working without a problem, but I find the @AuthenticationProvider CustomUserObject to be the cleanest way, which is why I would like to get this to work. Any help is greatly appreciated.
推荐答案
您可以直接在方法参数中为经过身份验证的用户指定依赖项,而不必使用@AuthenticationPrincipal.如下所示
Instead of using @AuthenticationPrincipal you can directly specify your dependency for authenticated user in method argument. something as given below
@RequestMapping(value = "/", method = RequestMethod.GET)
public ModelAndView index(Principal user) {
ModelAndView mav= new ModelAndView("/web/index");
mav.addObject("user", user);
return mav;
}
此Principal对象将是通过Spring安全性进行身份验证的实际对象.当该方法被调用时,Spring会为您注入.
This Principal object will be actual object that got authenticated through spring security. Spring will inject this for you when the method will get invoked.
这篇关于Spring Security @AuthenticationPrincipal的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!