[英]@EJB injection in a Custom UserdetailsService (implementing Spring Security UserDetailsService)
[英]Spring Security custom UserDetailsService and custom User class
我試圖在de user主體對象中保存其他數據。
我做的是:
實現我的現有用戶類的“UserDetails”接口,其中保存了我的附加數據(如電子郵件地址等)。
@Entity
public class User implements UserDetails {
然后我創建了一個UserDetailsService實現:
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
UserDAO userDAO;
@Override
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException {
User user = userDAO.findOneByUsername(username);
if (user == null)
throw new UsernameNotFoundException("username " + username
+ " not found");
System.out.println("---------------------> FOUND ------------->"
+ user.getEmail());
return user;
}
}
最后一步是在我的安全配置中添加UserDetailsService。
@Configuration
@EnableWebMvcSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
auth.userDetailsService(userDetailsService());
// ...
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.userDetailsService(userDetailsService());
// ...
}
@Override
protected UserDetailsService userDetailsService() {
return userDetailsService;
}
我在我的控制台中看到“loadUserByName”被調用兩次(因為“Found”輸出)。
當我嘗試訪問我的控制器中的主要對象 - >
System.out.println(SecurityContextHolder.getContext()
.getAuthentication().getPrincipal());
我沒有得到我的額外數據。 當我嘗試將其強制轉換為我的User對象時,我得到一個無法轉換異常。
有什么我想念的嗎?
先感謝您。
好。 我的問題隱藏在我沒有發布的代碼中。
我認為這個detailsService只是為了獲得更多細節,但它用於登錄本身。
我另外配置了“jdbcAuthentication”,春天似乎總是使用它。
既然我只配置了detailsService,一切正常。
編輯。:
所以我只需刪除此代碼:
auth.jdbcAuthentication() .dataSource(dataSource)
* .passwordEncoder(passwordEncoder) .usersByUsernameQuery(
// ....
現在它也適用於我上面的問題中的代碼。
創建Extention類:
public class CustomUserDetails extends org.springframework.security.core.userdetails.User{
private User user;
public CustomUserDetails(User user, Collection<? extends GrantedAuthority> authorities) {
super(user.getName(), user.getPassword(), authorities);
this.user = user;
}
public CustomUserDetails(User user, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities) {
super(user.getName(), user.getPassword(), enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
this.user = user;
}
public User getUser() {
return user;
}
}
然后將其添加到UserDetailsService:
@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {
public UserDetails loadUserByUsername(String login) throws UsernameNotFoundException, DataAccessException {
UserDetails userDetails = null;
User user = userService.getByLogin(login);
userDetails = new CustomUserDetails(user,
true, true, true, true,
getAuthorities(user.getRole()));
return userDetails;
}
得到它!
(CustomUserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal()
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.