java—从spring上的当前会话获取用户信息?

qjp7pelc  于 2021-07-16  发布在  Java
关注(0)|答案(1)|浏览(502)

我一直在尝试从当前会话获取用户信息,以执行一些类似findbyusername的操作。我尝试过@authenticationprinciple,但即使我将userdetails实现提供给它,它也只返回null。我也尝试过securitycontextholder方法,它返回匿名用户(?)。无论哪种方式都没有达到预期的效果。尝试了所有的解决方案,我可以在互联网上找到迄今为止,但没有运气。控制器;

  1. @Controller
  2. public class Home {
  4.     EntryService entryService;
  6.     public Home(EntryService entryService) {
  7.         this.entryService = entryService;
  8.     }
  10.     @GetMapping("/Home")
  11.     public String registration(Entry entry, Model model) {
  12.         //See what it returns
  13.         System.out.println(getUsername());
  14.         List<Entry> entries = new ArrayList<>(entryService.getAllEntries());
  15.         model.addAttribute("entryList", entries);
  16.         model.addAttribute("entry", entry);
  18.         return "/home";
  19.     }
  21.     public String getUsername() {
  22.         SecurityContext context = SecurityContextHolder.getContext();
  23.         Authentication authentication = context.getAuthentication();
  24.         if (authentication == null)
  25.             return null;
  26.         Object principal = authentication.getPrincipal();
  27.         if (principal instanceof UserDetails) {
  28.             return ((UserDetails) principal).getUsername();
  29.         } else {
  30.             return principal.toString();
  31.         }
  32.     }
  34. }

安全;

  1. @Configuration
  3. public class SecurityConfig extends WebSecurityConfigurerAdapter {
  5.     @Bean
  6.     public PasswordEncoder passwordEncoder() {
  7.         return new BCryptPasswordEncoder();
  8.     }
  10.     @Autowired
  11.     public DetailsService detailsService() {
  12.         return new DetailsService();
  13.     }
  15.     protected void configure(HttpSecurity http) throws Exception {
  17.         http.
  18.                 authorizeRequests().
  19.                 antMatchers("/register").
  20.                 permitAll().
  21.                 antMatchers("/home").
  22.                 hasRole("USER").
  23.                 and().
  24.                 csrf().
  25.                 disable().
  26.                 formLogin().
  27.                 loginPage("/").
  28.                 permitAll().
  29.                 passwordParameter("password").
  30.                 usernameParameter("username").
  31.                 defaultSuccessUrl("/home").
  32.                 failureUrl("/error").
  33.                 and().
  34.                 logout().
  35.                 logoutUrl("/logout");
  36.     }
  38.     @Override
  39.     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
  40.         auth.userDetailsService(detailsService()).passwordEncoder(passwordEncoder());
  41.     }
  43. }

用户详细信息;

  1. public class UserDetail implements UserDetails {
  3.     private final String username;
  4.     private final String password;
  5.     private final boolean active;
  6.     private final List<GrantedAuthority> roles;
  8.     public UserDetail(User user) {
  9.         this.username = user.getUserName();
  10.         this.password = user.getPassword();
  11.         this.active = user.getActive();
  12.         this.roles = Arrays.stream(user.getRole().toString().split(",")).
  13.                 map(SimpleGrantedAuthority::new).
  14.                 collect(Collectors.toList());
  15.     }
  17.     @Override
  18.     public Collection<? extends GrantedAuthority> getAuthorities() {
  19.         return roles;
  20.     }
  22.     @Override
  23.     public String getPassword() {
  24.         return password;
  25.     }
  27.     @Override
  28.     public String getUsername() {
  29.         return username;
  30.     }
  32.     @Override
  33.     public boolean isAccountNonExpired() {
  34.         return true;
  35.     }
  37.     @Override
  38.     public boolean isAccountNonLocked() {
  39.         return true;
  40.     }
  42.     @Override
  43.     public boolean isCredentialsNonExpired() {
  44.         return true;
  45.     }
  47.     @Override
  48.     public boolean isEnabled() {
  49.         return active;
  50.     }
  51. }

用户详细信息服务;

  1. @Service
  2. public class DetailsService implements UserDetailsService {
  4.     @Autowired
  5.     UserRepository userRepository;
  7.     @Override
  8.     public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
  9.         Optional<User> user = userRepository.findByUserName(s);
  10.         user.orElseThrow(() -> new UsernameNotFoundException("User not found"));
  11.         return user.map(UserDetail::new).get();
  12.     }
  13. }

使用基于jpa的身份验证btw,它可以根据需要工作。

Javaspringsessionspring-securityuser-data

1条答案

按热度按时间
pxyaymoc

pxyaymoc1#

在安全上下文中获得匿名用户的唯一原因是您没有经过身份验证。尝试添加 .anyRequest().authenticated() 刚好在…之后 hasRole("USER"). 然后你应该在 SecurityContextHolder.getContext().getAuthentication() . 这将继续使用您指定为的方法 permitAll() .
另外,只是一个观察,但是你的配置中的url匹配器是打开的 /home 并且您的控制器指定 /Home .

赞(0)分享  回复(0)举报  2021-07-16
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com