SPRING:将自定义用户详细信息添加到 spring 安全用户 [英] SPRING: Add custom user details to spring security user
问题描述
我目前正在开发一个 Spring MVC 应用程序,我需要在登录时为我的 Spring Security 登录用户添加一个自定义字段(我插入用户名、密码、自定义值).当用户登录时,该值需要在任何地方都可用(例如,通过 pricipal.getValue).
I'm currently working on a Spring MVC application and I need to add a custom field to my Spring Security log-in user right when I log in (I insert username, password, custom value). This value needs to be available on everywhere when the user is logged in (e.g. via pricipal.getValue).
我阅读了很多关于自定义用户类和自定义服务的内容,但无法真正为我的问题找到可行的解决方案...
I read a lot about custom user classes and custom services, but can't really find a working solution for my problem...
任何帮助都会很棒!
推荐答案
就像 Avinash 说的,你可以让你的 User
类实现 UserDetails
,你也可以实现 UserDetailsService
并覆盖相应的方法以返回自定义的User
对象:
Just like Avinash said, you can make your User
class implement UserDetails
and you can also implement UserDetailsService
and override corresponding methods to return the custom User
object:
@Service("userDetailsService")
public class MyUserDetailsService implements UserDetailsService {
//get user from the database, via Hibernate
@Autowired
private UserDao userDao;
@Transactional(readOnly=true)
@Override
public UserDetails loadUserByUsername(final String username)
throws UsernameNotFoundException {
//CUSTOM USER HERE vvv
User user = userDao.findByUserName(username);
List<GrantedAuthority> authorities =
buildUserAuthority(user.getUserRole());
//if you're implementing UserDetails you wouldn't need to call this method and instead return the User as it is
//return buildUserForAuthentication(user, authorities);
return user;
}
// Converts user to spring.springframework.security.core.userdetails.User
private User buildUserForAuthentication(user,
List<GrantedAuthority> authorities) {
return new User(user.getUsername(), user.getPassword(),
user.isEnabled(), true, true, true, authorities);
}
private List<GrantedAuthority> buildUserAuthority(Set<UserRole> userRoles) {
Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>();
// add user's authorities
for (UserRole userRole : userRoles) {
setAuths.add(new SimpleGrantedAuthority(userRole.getRole()));
}
List<GrantedAuthority> Result = new ArrayList<GrantedAuthority>(setAuths);
return Result;
}
}
您只需使用自定义 UserdetailsService
配置您的 WebConfigurerAdapter
:
And you just configure your WebConfigurerAdapter
using the custom UserdetailsService
:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
@Qualifier("userDetailsService")
UserDetailsService userDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
//authorization logic here ...
}
@Bean
public PasswordEncoder passwordEncoder(){
// return preferred PasswordEncoder ...//
}
}
这里是自定义 UserDetails
实现的示例:自定义用户详细信息
Here, a sample of a custom UserDetails
implementation:
custom UserDetails
这篇关于SPRING:将自定义用户详细信息添加到 spring 安全用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!