[英]Spring boot security principal user getting changed to newly logged in user details
我正在使用 spring 启动 2.2.4 和 spring 安全性。 我面临的问题是每次使用新用户登录时,主要用户名都会重置为新登录用户的详细信息,为什么。 但是,正如我所观察到的,session ID 仍然正确。 我不明白这种行为。 任何想法?
@EnableWebSecurity
public class IctSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
PasswordEncoder passwordEncoder;
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
//URLs matching for access rights
.antMatchers("/").permitAll()
.antMatchers("/signup").permitAll()
.antMatchers("/signin").permitAll()
.antMatchers("/ict/**/**").permitAll()
.antMatchers("/user/queue/reply").hasAnyAuthority(RolesConst.APP_USER)
.antMatchers("/find").hasAnyAuthority(RolesConst.APP_USER)
//.anyRequest().authenticated()
.and()
//form login
.csrf().disable().formLogin()
.loginPage("/login")
.failureUrl("/login?error=true")
.defaultSuccessUrl("/dashboard")
.and()
//logout
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login").and()
.exceptionHandling()
.accessDeniedPage("/access-denied");
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
//return NoOpPasswordEncoder.getInstance();
}
}
用户详情服务
@Service
public class IctUserDetailsService implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
//return new IctUserDetails(username);
Optional<UserEntity> user = userRepository.findByUsername(username);
user.orElseThrow(() -> new UsernameNotFoundException("Not found: " + username));
//UserController.groupname(username);
return user.map(IctUserDetails::new).get();
}
}
用户详情 class
public class IctUserDetails implements UserDetails {
private static final long serialVersionUID = 1L;
public static String username;
private String password;
private List<? extends GrantedAuthority> authorities;
public IctUserDetails() {
}
public IctUserDetails(UserEntity userEntity) {
this.username = userEntity.getUsername();
this.password = userEntity.getPassword();
List<SimpleGrantedAuthority> authoriteis = getRoleAuthoritiesFromUserEntity(userEntity);
this.authorities = authoriteis;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return authorities;
}
@Override
public String getPassword() {
return password;
}
@Override
public String getUsername() {
return this.username;
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
/**
* Get list of role authorities from current user entity
* @param userRoleEntities
* @return
*/
@Transactional
private List<SimpleGrantedAuthority> getRoleAuthoritiesFromUserEntity(UserEntity userEntity) {
Collection<UserRoleEntity> userRoleEntities = userEntity.getUserRoleEntities();
List<SimpleGrantedAuthority> authoriteis = userRoleEntities
.stream()
.map(ur -> ur.getRole().getRoleName())
.map(SimpleGrantedAuthority::new)
.collect(Collectors.toList());
return authoriteis;
}
}
所以,这就是问题所在。 我在我的 UserDetails class 中将用户名声明为 static public static String username; .
我已将其更改为private String username; 现在一切都很好。 谢谢。
在Spring Boot OAuth 2中无法从主体对象获取用户详细信息
[英]Not able to get user details from principal object in Spring boot OAuth 2
Principal保留字符串,尽管使用Spring安全性中的自定义用户详细信息类
[英]Principal stays string albeit using a custom user details class in Spring security
Spring 启动 Oauth 安全性 - 客户端凭据授予类型中主体中的用户(自定义信息)信息
[英]Spring boot Oauth security - User(custom info) info in the principal in Client Credentials grant type
Spring 引导 2.2.6 - 安全 | 更新用户信息后如何更新 Principal
[英]Spring Boot 2.2.6 - Security | How to update Principal after updating user's information
如何在Spring MVC REST通道中获取登录的用户名/ Principal?
[英]How to get logged user name/Principal in Spring MVC REST channel?
java.lang.IllegalStateException:Current user principal is not of type when i try to integrate keycloak with spring boot web + spring security project
[英]java.lang.IllegalStateException:Current user principal is not of type when i try to integrate keycloak with spring boot web + spring security project
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.