[英]Why does @AuthenticationPrincipal return the Authentication instead of the principal object?
我想在我的控制器方法中使用@AuthenticationPrincipal批注檢索當前用戶。 該文檔指出以下內容:
將方法參數或方法返回值綁定到Authentication.getPrincipal()的注釋。
但是實際上我得到了Authentication對象而不是Authentication.getPrincipal() 。
這是我的簡單控制器方法:
@RequestMapping("/")
public @ResponseBody String index(@AuthenticationPrincipal final WindowsAuthenticationToken user) {
return String.format("Welcome to the home page, %s!", user.getName());
}
WindowsAuthenticationToken實現Authentication 。 在此實現中, getPrincipal返回WindowsPrincipal 。
上面的控制器方法有效,但是當我將參數類型更改為WindowsPrincipal並嘗試訪問網站時,出現以下錯誤頁面:
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Tue Mar 03 15:13:52 CET 2015
There was an unexpected error (type=Internal Server Error, status=500).
argument type mismatch HandlerMethod details: Controller [pkg.HomeController] Method [public java.lang.String pkg.HomeController.index(waffle.servlet.WindowsPrincipal)] Resolved arguments: [0] [type=waffle.spring.WindowsAuthenticationToken] [value=waffle.spring.WindowsAuthenticationToken@121a2581]
這是我的配置文件:
package pkg;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import waffle.servlet.spi.BasicSecurityFilterProvider;
import waffle.servlet.spi.NegotiateSecurityFilterProvider;
import waffle.servlet.spi.SecurityFilterProvider;
import waffle.servlet.spi.SecurityFilterProviderCollection;
import waffle.spring.NegotiateSecurityFilter;
import waffle.spring.NegotiateSecurityFilterEntryPoint;
import waffle.windows.auth.impl.WindowsAuthProviderImpl;
@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint;
@Autowired
private NegotiateSecurityFilter waffleNegotiateSecurityFilter;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.exceptionHandling().authenticationEntryPoint(negotiateSecurityFilterEntryPoint).and()
.addFilterBefore(waffleNegotiateSecurityFilter, BasicAuthenticationFilter.class).authorizeRequests()
.anyRequest().fullyAuthenticated();
}
@Bean
public WindowsAuthProviderImpl waffleAuthProvider() {
return new WindowsAuthProviderImpl();
}
@Bean
public NegotiateSecurityFilterProvider negotiateSecurityFilterProvider(
final WindowsAuthProviderImpl waffleAuthProvider) {
return new NegotiateSecurityFilterProvider(waffleAuthProvider);
}
@Bean
public BasicSecurityFilterProvider basicSecurityFilterProvider(final WindowsAuthProviderImpl waffleAuthProvider) {
return new BasicSecurityFilterProvider(waffleAuthProvider);
}
@Bean
public SecurityFilterProviderCollection waffleSecurityFilterProviderCollection(
final NegotiateSecurityFilterProvider negotiateSecurityFilterProvider,
final BasicSecurityFilterProvider basicSecurityFilterProvider) {
final SecurityFilterProvider[] providers = { negotiateSecurityFilterProvider, basicSecurityFilterProvider };
return new SecurityFilterProviderCollection(providers);
}
@Bean
public NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint(
final SecurityFilterProviderCollection waffleSecurityFilterProviderCollection) {
final NegotiateSecurityFilterEntryPoint entryPoint = new NegotiateSecurityFilterEntryPoint();
entryPoint.setProvider(waffleSecurityFilterProviderCollection);
return entryPoint;
}
@Bean
public NegotiateSecurityFilter waffleNegotiateSecurityFilter(
final SecurityFilterProviderCollection waffleSecurityFilterProviderCollection) {
final NegotiateSecurityFilter filter = new NegotiateSecurityFilter();
filter.setProvider(waffleSecurityFilterProviderCollection);
return filter;
}
}
為什么行為與應有的行為有所不同?
我的主要對象沒有實現UserDetails 。 因為WindowsPrincipal是外部庫的類,所以我無法對其進行任何更改。 最后,我創建了一個新的篩選器,該篩選器將WindowsPrincipal包裝在實現UserDetails的類中。 現在,我使用@AuthenticationPrincipal獲得正確的主體對象。
這是因為WindowsPrincipal實現Principal 。 刪除Implements子句,它將再次起作用。 我有同樣的問題,這解決了它。
為什么 Subject.doAs 基於登錄用戶而不是切換主題返回主體?
[英]Why does Subject.doAs return the principal based on the logged in user instead of the switched subject?
為什么我的Javascript返回[object HTMLScriptElement]而不是預期的文本?
[英]Why does my Javascript return [object HTMLScriptElement] instead of expected text?
Spring Security HeaderPreAuthentication Principal未從@AuthenticationPrincipal解析
[英]Spring Security HeaderPreAuthentication Principal Not Resolved from @AuthenticationPrincipal
為什么在裝飾器中調用安全認證屬性`principal.displayName`會拋出異常?
[英]Why does calling the security authentication property `principal.displayName` in a decorator throw an exception?
AuthenticationPrincipal 返回空的 UserDetails object
[英]AuthenticationPrincipal returns empty UserDetails object
如果身份驗證對象為null,hasPermission是否返回false
[英]Does hasPermission return false if the authentication object is null
為什么Transformer返回<和>而不是<和>?
[英]Why does Transformer return < and > instead of < and >?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.