使用 mongodb 进行 Spring session 复制未按预期工作

Question

我正在使用 mongodb 复制 session

下面是我正在使用的配置

@Configuration
@EnableMongoHttpSession
public class MongoSessionReplication {

@Bean
public AbstractMongoSessionConverter mongoSessionConverter() {
    List<Module> securityModules = SecurityJackson2Modules.getModules(getClass().getClassLoader());
    return new JacksonMongoSessionConverter(securityModules);
}
@Bean
public MongoTemplate mongoTemplate(@Qualifier("replicaSet") Datastore replicaSet){
   MongoTemplate mongoTemplate = new MongoTemplate(replicaSet.getMongo(),replicaSet.getDB().getName());
   return mongoTemplate;
}

}

现在一切工作正常，除了 spring security 在登录后创建的 Principal 对象。 我有 UserDetails

的自定义实现

public class PortalUser extends User {

    private String primaryEmailId;

    private String redirectUrl;

    public PortalUser(String username, String password, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities) {
        super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
    }
    public PortalUser(String username, String password, Collection<? extends GrantedAuthority> authorities) {
        super(username, password, true, true, true, true, authorities);
    }

    public String getPrimaryEmailId() {
        return primaryEmailId;
    }

    public void setPrimaryEmailId(String primaryEmailId) {
        this.primaryEmailId = primaryEmailId;
    }

    public String getRedirectUrl() {
        return redirectUrl;
    }

    public void setRedirectUrl(String redirectUrl) {
        this.redirectUrl = redirectUrl;
    }
}

下面是UserDetailsS​​ervice

@Service
public class PortalUserDetailService implements UserDetailsService {

    @Autowired
    private SSOServiceAPI ssoServiceAPI;

    @Autowired
    private UserProfileService userProfileService;

    @Override
    public UserDetails loadUserByUsername(String hexId) throws UsernameNotFoundException {
        UserProfile userProfile = userProfileService.getUserProfileByUserId(hexId);
        List<GrantedAuthority> grantedAuthority = new ArrayList<GrantedAuthority>();
        if(userProfile!=null) {
            grantedAuthority.add(new SimpleGrantedAuthority(userProfile.getSsmRoles().name()));
        } else {
            grantedAuthority.add(new SimpleGrantedAuthority("USER"));
        }
        SSOUsers ssoUser = ssoServiceAPI.findSSOUser(hexId, false);
        PortalUser portalUser = new PortalUser(hexId, hexId, true, true, true, true, grantedAuthority);
        portalUser.setPrimaryEmailId(ssoUser.getPrimaryUserId());
        return portalUser;

    }
}

Controller

public String getAllProducts(@RequestParam(value = "callback", required = true) String callback, Principal principal, HttpServletRequest request) {

    String hexId = principal.getName();
    String primaryEmailId = ((PortalUser) ((UsernamePasswordAuthenticationToken) principal).getPrincipal()).getPrimaryEmailId(); //----->> this line fails

}

上面突出显示的类型转换失败，因为它返回 UserDetails 的实例，而不是我的自定义 PortalUser。但当我禁用 spring-session 复制时，情况并非如此。

Answer 1

您需要实现 Spring 的 Security UserDetails，而不是 User。

将 MyUser 更新为以下内容:

public class SecUserDetails implements UserDetails {

    private User user;

    public SecUserDetails(User user) {
        this.user = user;
    }
    ......
    ......
    ......
}