UserDetails getPassword 在 Spring Security 3.1 中返回 null.如何获取当前登录用户的密码? [英] UserDetails getPassword returns null in spring security 3.1. How to get password of currently logged in user?
问题描述
我已经使用 spring security 实现了更改密码功能,但是 ((UserDetails) principal).getPassword()) 为登录用户返回 null.
I have implemented change password functionality using spring security but ((UserDetails) principal).getPassword()) is returning null for logged in user.
如果我没记错的话,这曾经在 3.0 早期工作过.这在 3.1 中是否有所更改,因此无法检索到已登录用户的当前密码?
If I remember correctly, this used to work earlier in 3.0. Was this changed in 3.1 so that the current password of the logged in user cannot be retrieved?
在下面的代码中,我正在检查从网页输入的用户密码的当前密码.然后我检查登录用户的密码是否与输入的密码匹配.如果是,那么我想设置 oldPasswordMatchNewPassword = true.
In the below code I am checking the current password typed in user password from the web page. I am then checking if the logged in user's password matches the typed in password. If it does then I want to set oldPasswordMatchNewPassword = true.
如何实现此功能?
@RequestMapping(value = "/account/changePassword.do", method = RequestMethod.POST)
public String submitChangePasswordPage(
@RequestParam("oldpassword") String oldPassword,
@RequestParam("password") String newPassword) {
Object principal = SecurityContextHolder.getContext()
.getAuthentication().getPrincipal();
String username = principal.toString();
if (principal instanceof UserDetails) {
username = ((UserDetails) principal).getUsername();
System.out.println("username: " + username);
System.out.println("password: "
+ ((UserDetails) principal).getPassword());
if (((UserDetails) principal).getPassword() != null) {
if (((UserDetails) principal).getPassword().equals(oldPassword)) {
oldPasswordMatchNewPassword = true;
}
}
}
if (oldPasswordMatchNewPassword == true) {
logger.info("Old password matches new password. Password will be updated.");
changePasswordDao.changePassword(username, newPassword);
SecurityContextHolder.clearContext();
return "redirect:home.do";
} else {
logger.info("Old password did not match new password. Password will be not be updated.");
return null;
}
}
我放了几个 sysout() 以便我可以看到返回的值.对于 ((UserDetails) principal).getUsername() 我可以看到正确的登录用户.((UserDetails) principal).getPassword() 它返回 null.
I put a couple of sysout()s so that I can see the values returned. For ((UserDetails) principal).getUsername() I can see the correct logged in user. ((UserDetails) principal).getPassword() it is returning null.
我如何获得 ((UserDetails) principal).getPassword() 这个值?
How do I get ((UserDetails) principal).getPassword() this value?
提前致谢!
推荐答案
我使用这段代码 (erase-credentials="false") 来解决这个问题.我不知道这是否是一个优雅的解决方案,但它解决了我的问题:
I used this block of code (erase-credentials="false") to fix this. I do not know if this is an elegant solution but it fixed my problem:
<authentication-manager alias="authenticationManager" erase-credentials="false">
<!-- authentication-provider user-service-ref="userService" -->
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource" />
</authentication-provider>
</authentication-manager>
这篇关于UserDetails getPassword 在 Spring Security 3.1 中返回 null.如何获取当前登录用户的密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!