java—从spring上的当前会话获取用户信息?

qjp7pelc  于 2021-07-16  发布在  Java
关注(0)|答案(1)|浏览(455)

我一直在尝试从当前会话获取用户信息,以执行一些类似findbyusername的操作。我尝试过@authenticationprinciple,但即使我将userdetails实现提供给它,它也只返回null。我也尝试过securitycontextholder方法,它返回匿名用户(?)。无论哪种方式都没有达到预期的效果。尝试了所有的解决方案,我可以在互联网上找到迄今为止,但没有运气。控制器;

@Controller
public class Home {

    EntryService entryService;

    public Home(EntryService entryService) {
        this.entryService = entryService;
    }

    @GetMapping("/Home")
    public String registration(Entry entry, Model model) {
        //See what it returns
        System.out.println(getUsername());
        List<Entry> entries = new ArrayList<>(entryService.getAllEntries());
        model.addAttribute("entryList", entries);
        model.addAttribute("entry", entry);

        return "/home";
    }

    public String getUsername() {
        SecurityContext context = SecurityContextHolder.getContext();
        Authentication authentication = context.getAuthentication();
        if (authentication == null)
            return null;
        Object principal = authentication.getPrincipal();
        if (principal instanceof UserDetails) {
            return ((UserDetails) principal).getUsername();
        } else {
            return principal.toString();
        }
    }

}

安全;

@Configuration

public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Autowired
    public DetailsService detailsService() {
        return new DetailsService();
    }

    protected void configure(HttpSecurity http) throws Exception {

        http.
                authorizeRequests().
                antMatchers("/register").
                permitAll().
                antMatchers("/home").
                hasRole("USER").
                and().
                csrf().
                disable().
                formLogin().
                loginPage("/").
                permitAll().
                passwordParameter("password").
                usernameParameter("username").
                defaultSuccessUrl("/home").
                failureUrl("/error").
                and().
                logout().
                logoutUrl("/logout");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(detailsService()).passwordEncoder(passwordEncoder());
    }

}

用户详细信息;

public class UserDetail implements UserDetails {

    private final String username;
    private final String password;
    private final boolean active;
    private final List<GrantedAuthority> roles;

    public UserDetail(User user) {
        this.username = user.getUserName();
        this.password = user.getPassword();
        this.active = user.getActive();
        this.roles = Arrays.stream(user.getRole().toString().split(",")).
                map(SimpleGrantedAuthority::new).
                collect(Collectors.toList());
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return roles;
    }

    @Override
    public String getPassword() {
        return password;
    }

    @Override
    public String getUsername() {
        return username;
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return active;
    }
}

用户详细信息服务;

@Service
public class DetailsService implements UserDetailsService {

    @Autowired
    UserRepository userRepository;

    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        Optional<User> user = userRepository.findByUserName(s);
        user.orElseThrow(() -> new UsernameNotFoundException("User not found"));
        return user.map(UserDetail::new).get();
    }
}

使用基于jpa的身份验证btw,它可以根据需要工作。

pxyaymoc

pxyaymoc1#

在安全上下文中获得匿名用户的唯一原因是您没有经过身份验证。尝试添加 .anyRequest().authenticated() 刚好在…之后 hasRole("USER"). 然后你应该在 SecurityContextHolder.getContext().getAuthentication() . 这将继续使用您指定为的方法 permitAll() .
另外,只是一个观察,但是你的配置中的url匹配器是打开的 /home 并且您的控制器指定 /Home .

相关问题