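java - Storing userId with Spring Security Authentication

Tags: java spring

I need to get the userId when authentication loads the login, so that I can store it and use it later to gather more information about that user by its ID.

This is my login bean: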

    public String login() {
        try {
            Authentication request = new UsernamePasswordAuthenticationToken(this.getUsername(), this.getPassword());
            Authentication result = authenticationManager.authenticate(request);
            SecurityContextHolder.getContext().setAuthentication(result);
            sessionMap.put("UsernameOnLogin", this.getUsername());

        } catch (AuthenticationException e) {
            e.printStackTrace();
            sessionMap.clear();
            return "error.xhtml";
        }
        return "i.xhtml";
    }

And the service:

public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

            empsuite.model.UserData domainUser = userloginDAO.getUsername(username);

            // The DAO returns null for an unknown username; report that through
            // the exception the UserDetailsService contract expects.
            if (domainUser == null) {
                throw new UsernameNotFoundException("User not found");
            }

            boolean enabled = true;
            boolean accountNonExpired = true;
            boolean credentialsNonExpired = true;
            boolean accountNonLocked = true;

            return new User(
                    domainUser.getUsername(),
                    domainUser.getPassword(),
                    enabled,
                    accountNonExpired,
                    credentialsNonExpired,
                    accountNonLocked,
                    getAuthorities(1));

        }

And finally the DAO function that fetches the username to perform the login:

public UserData getUsername(String username) {
        List<UserData> userList = new ArrayList<UserData>();
        Query query = openSession().createQuery("from UserData u where u.username = :Username");
        query.setParameter("Username", username);
        userList = query.list();
        if (userList.size() > 0)
            return userList.get(0);
        else
            return null;
    }

Edit: the user model:

public class UserData implements Serializable {

    @Id
    @GeneratedValue(strategy=GenerationType.AUTO)
    int iduser;
    String username;
    String password;
    int accountstatus;
    //Profile OLD
    String nomprofile;
    String prenprofile;
    String mailprofile;
    String adressprofile;
    int phoneprofile;
    Date datenaissanceprofile;
    char sexeuser;
    String imagepath;
    public int getIduser() {
        return iduser;
    }
    public void setIduser(int iduser) {
        this.iduser = iduser;
    }
    public String getUsername() {
        return username;
    }
    public void setUsername(String username) {
        this.username = username;
    }
    public String getPassword() {
        return password;
    }
    public void setPassword(String password) {
        this.password = password;
    }

    public int getAccountstatus() {
        return accountstatus;
    }
    public void setAccountstatus(int accountstatus) {
        this.accountstatus = accountstatus;
    }


    public String getNomprofile() {
        return nomprofile;
    }
    public void setNomprofile(String nomprofile) {
        this.nomprofile = nomprofile;
    }
    public String getPrenprofile() {
        return prenprofile;
    }
    public void setPrenprofile(String prenprofile) {
        this.prenprofile = prenprofile;
    }
    public String getMailprofile() {
        return mailprofile;
    }
    public void setMailprofile(String mailprofile) {
        this.mailprofile = mailprofile;
    }
    public String getAdressprofile() {
        return adressprofile;
    }
    public void setAdressprofile(String adressprofile) {
        this.adressprofile = adressprofile;
    }
    public int getPhoneprofile() {
        return phoneprofile;
    }
    public void setPhoneprofile(int phoneprofile) {
        this.phoneprofile = phoneprofile;
    }
    public Date getDatenaissanceprofile() {
        return datenaissanceprofile;
    }
    public void setDatenaissanceprofile(Date datenaissanceprofile) {
        this.datenaissanceprofile = datenaissanceprofile;
    }
    public char getSexeuser() {
        return sexeuser;
    }
    public void setSexeuser(char sexeuser) {
        this.sexeuser = sexeuser;
    }
    public String getImagepath() {
        return imagepath;
    }
    public void setImagepath(String imagepath) {
        this.imagepath = imagepath;
    }
}

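Best answer

SecurityContextHolder.getContext().setAuthentication(result); puts the authentication object in the SecurityContext, which is itself maintained in the session if the application is a web application.

Instead of storing the username in the session, you can retrieve the Authentication object with the following code.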

SecurityContext securityContext = SecurityContextHolder.getContext();
Object principal;
String username;
if(null != securityContext.getAuthentication()){
   principal = securityContext.getAuthentication().getPrincipal();
   username = securityContext.getAuthentication().getName();
}

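The value of username will be the username used in authentication. The value of principal will be the principal object. Many authentication providers create a UserDetails object as the principal.

Update:

If you want to store additional information, you can extend org.springframework.security.core.userdetails.User and add the additional information as properties of that class.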

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;

import java.util.Collection;

public class CustomUser extends User {

    private int id;

    public int getId() {
        return id;
    }

    public void setId(int id) {
        this.id = id;
    }

    public CustomUser(String username, String password, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities,int id) {
        super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
        setId(id);
    }
}

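And return CustomUser instead of User in loadUserByUsername:

public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

    empsuite.model.UserData domainUser = userloginDAO.getUsername(username);

    // The DAO returns null for an unknown username; report that through
    // the exception the UserDetailsService contract expects.
    if (domainUser == null) {
        throw new UsernameNotFoundException("User not found");
    }

    boolean enabled = true;
    boolean accountNonExpired = true;
    boolean credentialsNonExpired = true;
    boolean accountNonLocked = true;

    return new CustomUser(
            domainUser.getUsername(),
            domainUser.getPassword(),
            enabled,
            accountNonExpired,
            credentialsNonExpired,
            accountNonLocked,
            getAuthorities(1),
            // UserData exposes its id through getIduser()
            domainUser.getIduser());

}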

Now securityContext.getAuthentication().getPrincipal() will return the CustomUser object. So you can get the ID via ((CustomUser)securityContext.getAuthentication().getPrincipal()).getId()

SecurityContext securityContext = SecurityContextHolder.getContext();
CustomUser user = null;
if(null != securityContext.getAuthentication()){
   user = (CustomUser) securityContext.getAuthentication().getPrincipal();
}
// user is still null when the context holds no Authentication, so guard before reading the id
if (user != null) {
   int id = user.getId();
}
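
A defensive way to read the id stored in CustomUser, as an added example that is not part of the original answer. The CurrentUser class and its method names are hypothetical, and it assumes the CustomUser class from the answer is in the same package. It covers the anonymous case, where the principal is not a CustomUser and the direct cast would throw ClassCastException.

```java
import java.util.Optional;

import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

// Added example: CurrentUser is a hypothetical helper, not part of the answer.
// Assumes the CustomUser class shown above is in the same package.
public final class CurrentUser {

    private CurrentUser() {
    }

    // Id of the logged-in user, or empty when nobody is logged in.
    public static Optional<Integer> id() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // Anonymous requests can carry an Authentication whose principal is
        // a plain String, so a direct cast to CustomUser would fail here.
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) {
            return Optional.empty();
        }
        Object principal = auth.getPrincipal();
        if (principal instanceof CustomUser) {
            return Optional.of(((CustomUser) principal).getId());
        }
        return Optional.empty();
    }

    // Use the id from the security context, never one sent by the client,
    // when deciding whose data a request may load.
    public static int requireOwner(int requestedUserId) {
        int currentId = id().orElseThrow(
                () -> new AccessDeniedException("No authenticated user"));
        if (currentId != requestedUserId) {
            throw new AccessDeniedException("User id does not match the logged-in user");
        }
        return currentId;
    }
}
```

Calling CurrentUser.requireOwner(idFromRequest) before a DAO lookup keeps the lookup bound to the id that was set at login rather than to a value taken from the request.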

Regarding java - Storing userId with Spring Security Authentication, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/32468097/
