stackoom
  简体   繁体   中英

Get more information from User - Spring Security

 原文  2011-12-16 13:47:35       java/ security/ spring/ login

Question

I have implemented Spring Security in my application. I have used default implementation, ie, I have configured it with my own parameters (DataSource, Secured Areas, etc), but I haven't write any Custom implementation.

Now I want to capture more data from the user, that is on the same table as username and password, like company name, id, etc. However, I don't want do use this information in order to login.

I'm not sure how to do it. From what I've read, it's related to UserDetailsService. However, it seems that writing a Custom UserDetailsService would be necessary if I wanted to use this information during the login, and that's not what I want. I just want to use this information inside the application, after the user have logged in.

Is it really related to UserDetailsServer? Is this the only file I have to modificate?

All the examples I found of custom UserDetailsService just used username and password, so I can't understand where new data would come in.

Thanks!

1 answers

solution1
 14 ACCPTED  2011-12-16 13:59:50

Overriding the UserDetailsService is what we did.. You'll need to implement your own UserDetailsService and your own UserDetails object: 

public class CustomService implements UserDetailsService {
   @Transactional(readOnly = true)
    public UserDetails loadUserByUsername(String username) {

        Account account = accountDAO.findAccountByName(username);

        if (account == null) {
            throw new UsernameNotFoundException("account name not found");
        }
        return buildUserFromAccount(account);
    }


    @SuppressWarnings("unchecked")
    @Transactional(readOnly = true)
    private User buildUserFromAccount(Account account) {

        String username = account.getUsername();
        String password = account.getPassword();
        boolean enabled = account.getEnabled();
        boolean accountNonExpired = account.getAccountNonExpired();
        boolean credentialsNonExpired = account.getCredentialsNonExpired();
        boolean accountNonLocked = account.getAccountNonLocked();

        // additional information goes here
        String companyName = companyDAO.getCompanyName(account);


        Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        for (Role role : account.getRoles()) {
            authorities.add(new SimpleGrantedAuthority(role.getName()));
        }

        CustomUserDetails user = new CustomUserDetails (username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked,
                authorities, company);

        return user;
    }


public class CustomUserDetails extends User{

    // ...
    public CustomUserDetails(..., String company){
         super(...);
         this.company = company;
    }

    private String company;

    public String getCompany() { return company;}

    public void setCompany(String company) { this.company = company;}
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Accessing Spring Security Threadlocal user information from outside of spring security Spring Security User Information Java Spring Security. Logged user information How to get additional user attributes from LDAP in Spring Security? How to get the current logged in user object from spring security? Can't get active user list from spring security session How to get User ID from CustomUser on Spring Security Spring Security - get current user fields from database Get current authenticated user from security context as key for Spring Cache Spring Security - Get user details from another table
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM