[英]Spring boot security principal user getting changed to newly logged in user details
我正在使用 spring 啟動 2.2.4 和 spring 安全性。 我面臨的問題是每次使用新用戶登錄時,主要用戶名都會重置為新登錄用戶的詳細信息,為什么。 但是,正如我所觀察到的,session ID 仍然正確。 我不明白這種行為。 任何想法?
@EnableWebSecurity
public class IctSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
PasswordEncoder passwordEncoder;
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
//URLs matching for access rights
.antMatchers("/").permitAll()
.antMatchers("/signup").permitAll()
.antMatchers("/signin").permitAll()
.antMatchers("/ict/**/**").permitAll()
.antMatchers("/user/queue/reply").hasAnyAuthority(RolesConst.APP_USER)
.antMatchers("/find").hasAnyAuthority(RolesConst.APP_USER)
//.anyRequest().authenticated()
.and()
//form login
.csrf().disable().formLogin()
.loginPage("/login")
.failureUrl("/login?error=true")
.defaultSuccessUrl("/dashboard")
.and()
//logout
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login").and()
.exceptionHandling()
.accessDeniedPage("/access-denied");
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
//return NoOpPasswordEncoder.getInstance();
}
}
用戶詳情服務
@Service
public class IctUserDetailsService implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
//return new IctUserDetails(username);
Optional<UserEntity> user = userRepository.findByUsername(username);
user.orElseThrow(() -> new UsernameNotFoundException("Not found: " + username));
//UserController.groupname(username);
return user.map(IctUserDetails::new).get();
}
}
用戶詳情 class
public class IctUserDetails implements UserDetails {
private static final long serialVersionUID = 1L;
public static String username;
private String password;
private List<? extends GrantedAuthority> authorities;
public IctUserDetails() {
}
public IctUserDetails(UserEntity userEntity) {
this.username = userEntity.getUsername();
this.password = userEntity.getPassword();
List<SimpleGrantedAuthority> authoriteis = getRoleAuthoritiesFromUserEntity(userEntity);
this.authorities = authoriteis;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return authorities;
}
@Override
public String getPassword() {
return password;
}
@Override
public String getUsername() {
return this.username;
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
/**
* Get list of role authorities from current user entity
* @param userRoleEntities
* @return
*/
@Transactional
private List<SimpleGrantedAuthority> getRoleAuthoritiesFromUserEntity(UserEntity userEntity) {
Collection<UserRoleEntity> userRoleEntities = userEntity.getUserRoleEntities();
List<SimpleGrantedAuthority> authoriteis = userRoleEntities
.stream()
.map(ur -> ur.getRole().getRoleName())
.map(SimpleGrantedAuthority::new)
.collect(Collectors.toList());
return authoriteis;
}
}
所以,這就是問題所在。 我在我的 UserDetails class 中將用戶名聲明為 static public static String username; .
我已將其更改為private String username; 現在一切都很好。 謝謝。
在Spring Boot OAuth 2中無法從主體對象獲取用戶詳細信息
[英]Not able to get user details from principal object in Spring boot OAuth 2
Principal保留字符串,盡管使用Spring安全性中的自定義用戶詳細信息類
[英]Principal stays string albeit using a custom user details class in Spring security
Spring 啟動 Oauth 安全性 - 客戶端憑據授予類型中主體中的用戶(自定義信息)信息
[英]Spring boot Oauth security - User(custom info) info in the principal in Client Credentials grant type
Spring 引導 2.2.6 - 安全 | 更新用戶信息后如何更新 Principal
[英]Spring Boot 2.2.6 - Security | How to update Principal after updating user's information
如何在Spring MVC REST通道中獲取登錄的用戶名/ Principal?
[英]How to get logged user name/Principal in Spring MVC REST channel?
java.lang.IllegalStateException:Current user principal is not of type when i try to integrate keycloak with spring boot web + spring security project
[英]java.lang.IllegalStateException:Current user principal is not of type when i try to integrate keycloak with spring boot web + spring security project
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.