我正在使用 mongodb 复制 session
下面是我正在使用的配置
@Configuration
@EnableMongoHttpSession
public class MongoSessionReplication {
@Bean
public AbstractMongoSessionConverter mongoSessionConverter() {
List<Module> securityModules = SecurityJackson2Modules.getModules(getClass().getClassLoader());
return new JacksonMongoSessionConverter(securityModules);
}
@Bean
public MongoTemplate mongoTemplate(@Qualifier("replicaSet") Datastore replicaSet){
MongoTemplate mongoTemplate = new MongoTemplate(replicaSet.getMongo(),replicaSet.getDB().getName());
return mongoTemplate;
}
}
现在一切工作正常,除了 spring security 在登录后创建的 Principal
对象。
我有 UserDetails
public class PortalUser extends User {
private String primaryEmailId;
private String redirectUrl;
public PortalUser(String username, String password, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities) {
super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
}
public PortalUser(String username, String password, Collection<? extends GrantedAuthority> authorities) {
super(username, password, true, true, true, true, authorities);
}
public String getPrimaryEmailId() {
return primaryEmailId;
}
public void setPrimaryEmailId(String primaryEmailId) {
this.primaryEmailId = primaryEmailId;
}
public String getRedirectUrl() {
return redirectUrl;
}
public void setRedirectUrl(String redirectUrl) {
this.redirectUrl = redirectUrl;
}
}
下面是UserDetailsService
@Service
public class PortalUserDetailService implements UserDetailsService {
@Autowired
private SSOServiceAPI ssoServiceAPI;
@Autowired
private UserProfileService userProfileService;
@Override
public UserDetails loadUserByUsername(String hexId) throws UsernameNotFoundException {
UserProfile userProfile = userProfileService.getUserProfileByUserId(hexId);
List<GrantedAuthority> grantedAuthority = new ArrayList<GrantedAuthority>();
if(userProfile!=null) {
grantedAuthority.add(new SimpleGrantedAuthority(userProfile.getSsmRoles().name()));
} else {
grantedAuthority.add(new SimpleGrantedAuthority("USER"));
}
SSOUsers ssoUser = ssoServiceAPI.findSSOUser(hexId, false);
PortalUser portalUser = new PortalUser(hexId, hexId, true, true, true, true, grantedAuthority);
portalUser.setPrimaryEmailId(ssoUser.getPrimaryUserId());
return portalUser;
}
}
Controller
public String getAllProducts(@RequestParam(value = "callback", required = true) String callback, Principal principal, HttpServletRequest request) {
String hexId = principal.getName();
String primaryEmailId = ((PortalUser) ((UsernamePasswordAuthenticationToken) principal).getPrincipal()).getPrimaryEmailId(); //----->> this line fails
}
上面突出显示的类型转换失败,因为它返回 UserDetails
的实例,而不是我的自定义 PortalUser
。但当我禁用 spring-session 复制时,情况并非如此。
最佳答案
您需要实现 Spring 的 Security UserDetails,而不是 User。
将 MyUser 更新为以下内容:
public class SecUserDetails implements UserDetails {
private User user;
public SecUserDetails(User user) {
this.user = user;
}
......
......
......
}
关于使用 mongodb 进行 Spring session 复制未按预期工作,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/48258601/