Spring 引导安全主体用户更改为新登录的用户详细信息
[英]Spring boot security principal user getting changed to newly logged in user details
问题描述
Am using spring boot 2.2.4 with spring security.
我正在使用 spring 启动 2.2.4 和 spring 安全性。 And the problem am facing is every time am logging in with a new user the principal username is getting reset to the newly logged in user's details, Why.我面临的问题是每次使用新用户登录时,主要用户名都会重置为新登录用户的详细信息,为什么。 However as I have observed the session ID remains correct.但是,正如我所观察到的,session ID 仍然正确。 I don't understand this behavior.我不明白这种行为。 Any idea?任何想法?
@EnableWebSecurity
public class IctSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
PasswordEncoder passwordEncoder;
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
//URLs matching for access rights
.antMatchers("/").permitAll()
.antMatchers("/signup").permitAll()
.antMatchers("/signin").permitAll()
.antMatchers("/ict/**/**").permitAll()
.antMatchers("/user/queue/reply").hasAnyAuthority(RolesConst.APP_USER)
.antMatchers("/find").hasAnyAuthority(RolesConst.APP_USER)
//.anyRequest().authenticated()
.and()
//form login
.csrf().disable().formLogin()
.loginPage("/login")
.failureUrl("/login?error=true")
.defaultSuccessUrl("/dashboard")
.and()
//logout
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login").and()
.exceptionHandling()
.accessDeniedPage("/access-denied");
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
//return NoOpPasswordEncoder.getInstance();
}
}
UserDetails service用户详情服务
@Service
public class IctUserDetailsService implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
//return new IctUserDetails(username);
Optional<UserEntity> user = userRepository.findByUsername(username);
user.orElseThrow(() -> new UsernameNotFoundException("Not found: " + username));
//UserController.groupname(username);
return user.map(IctUserDetails::new).get();
}
}
UserDetails class用户详情 class
public class IctUserDetails implements UserDetails {
private static final long serialVersionUID = 1L;
public static String username;
private String password;
private List<? extends GrantedAuthority> authorities;
public IctUserDetails() {
}
public IctUserDetails(UserEntity userEntity) {
this.username = userEntity.getUsername();
this.password = userEntity.getPassword();
List<SimpleGrantedAuthority> authoriteis = getRoleAuthoritiesFromUserEntity(userEntity);
this.authorities = authoriteis;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return authorities;
}
@Override
public String getPassword() {
return password;
}
@Override
public String getUsername() {
return this.username;
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
/**
* Get list of role authorities from current user entity
* @param userRoleEntities
* @return
*/
@Transactional
private List<SimpleGrantedAuthority> getRoleAuthoritiesFromUserEntity(UserEntity userEntity) {
Collection<UserRoleEntity> userRoleEntities = userEntity.getUserRoleEntities();
List<SimpleGrantedAuthority> authoriteis = userRoleEntities
.stream()
.map(ur -> ur.getRole().getRoleName())
.map(SimpleGrantedAuthority::new)
.collect(Collectors.toList());
return authoriteis;
}
}
1 个解决方案
解决方案1
0 2020-04-12 19:02:46
So, this was the problem.所以,这就是问题所在。 I had declared username in my UserDetails class as static public static String username;我在我的 UserDetails class 中将用户名声明为 static public static String username; . .
I have changed this to private String username;我已将其更改为private String username; and all is good now.现在一切都很好。 Thanks.谢谢。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
在Spring Boot OAuth 2中无法从主体对象获取用户详细信息 - Not able to get user details from principal object in Spring boot OAuth 2
从 Spring 安全中检索未记录的用户详细信息 - Retrieve not-logged User Details from Spring Security
Principal保留字符串,尽管使用Spring安全性中的自定义用户详细信息类 - Principal stays string albeit using a custom user details class in Spring security
使用Spring Security时获取当前登录的用户名 - Getting the current logged in user name when using Spring Security
Spring 启动 Oauth 安全性 - 客户端凭据授予类型中主体中的用户(自定义信息)信息 - Spring boot Oauth security - User(custom info) info in the principal in Client Credentials grant type
Spring 引导 2.2.6 - 安全 | 更新用户信息后如何更新 Principal - Spring Boot 2.2.6 - Security | How to update Principal after updating user's information
如何在Spring MVC REST通道中获取登录的用户名/ Principal? - How to get logged user name/Principal in Spring MVC REST channel?
java.lang.IllegalStateException:Current user principal is not of type when i try to integrate keycloak with spring boot web + spring security project - java.lang.IllegalStateException:Current user principal is not of type when i try to integrate keycloak with spring boot web + spring security project
春季安全错误登录的用户 - spring-security wrong logged user
使用Spring Security检索记录的用户组 - Retrieving logged user group(s) with Spring Security
相关标签