spring-security 如何使用java spring Boot 和JPA在Http会话中存储用户

eiee3dmh  于 2022-11-11  发布在  Spring
关注(0)|答案(1)|浏览(146)

我将很高兴知道我如何存储一个用户在http会话后,他登录使用Spring Boot 。
基本上,我想在我的会话中存储实体“Teacher”,以控制用户在登录或未登录时可以访问的页面。
这是我想存储在http会话中的实体:

@Entity
public class Teacher implements Serializable {
    private static final long serialVersionUID = 1L;

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;
    @Column(nullable = false, length = 254)
    private String name;
    @Column(nullable = false, length = 254, unique = true)
    private String email;
    @Column(nullable = false, length = 254, unique = true)
    private String password;
    @Column(nullable = false, length = 20)
    @Enumerated(EnumType.STRING)
    private Role role;

    @JsonIgnore
    @OneToMany(mappedBy = "teacher")
    private List<Scheduling> schedulings = new ArrayList<>();

这是我的登录验证器:

@PostMapping(value = "/validateLogin")
    public ResponseEntity<Object> validateLogin(@RequestBody Map<String, String> user) {
        try {
            Teacher t = teacherRepository.findUser(user.get("name"), user.get("email"));
            if (t != null && encoder.matches(user.get("password"), t.getPassword())) {
                //
                //I WANT TO STORE THE ENTITY HERE BUT I DON'T KNOW HOW
                //
                return ResponseEntity.status(HttpStatus.OK)
                        .body(Map.of("result", "ok", "details", "login approved"));
            } else {
                return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
                        .body(Map.of("result", "error", "details", "login denied"));
            }
        } catch (Exception e) {
            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
                    .body(Map.of("result", "error", "details", e.getMessage()));
        }
    }

我想验证用户是否在此处登录:

@GetMapping("/mainPage")
    public String mainPage() {
        //
        //IF USER IN HTTP SESSION{
        //
        return "mainPage";
        //ELSE RETURN YOU ARE NOT LOGGED IN!
    }
hjqgdpho

hjqgdpho1#

您可以像这样修改validateLogin

@PostMapping(value = "/validateLogin")
        public ResponseEntity<Object> validateLogin(@RequestBody Map<String, String> user,HttpServletRequest request) {
            try {
                Teacher t = teacherRepository.findUser(user.get("name"), user.get("email"));
                if (t != null && encoder.matches(user.get("password"), t.getPassword())) {
                    //
                    //I WANT TO STORE THE ENTITY HERE BUT I DON'T KNOW HOW
                    //store the object in session
                    request.getSession().setAttribute("teacher", t);
                    return ResponseEntity.status(HttpStatus.OK)
                            .body(Map.of("result", "ok", "details", "login approved"));
                } else {
                    return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
                            .body(Map.of("result", "error", "details", "login denied"));
                }
            } catch (Exception e) {
                return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
                        .body(Map.of("result", "error", "details", e.getMessage()));
            }
        }

和类似mainPage

@GetMapping("/mainPage")
    public String mainPage(HttpServletRequest request) {
        //
        //IF USER IN HTTP SESSION{
        //
    if(request.getSession()!=null){
//access from session
         Teacher t=(Teacher)request.getSession().getAttribute("teacher");
//your logic to validate can come here
    }

        return "mainPage";
        //ELSE RETURN YOU ARE NOT LOGGED IN!
    }

相关问题