我是jHipster的新手,我正在尝试将用户与公司ID相关联,以根据所述公司ID限制用户有权访问的实体。
我希望能够使用SecurityContext存储我的UserDetails的自定义实现。
我已按照该字母进行了多次教程,但似乎无法使其正常工作:SecurityContext返回的对象始终为org.springframework.security.core.userdetails.User类型,因此无法将其转换为实现的UserDetails类。
DomainUserDetailsService.java
@Service("domainUserDetailsService")
public class DomainUserDetailsService implements UserDetailsService {
private final Logger log = LoggerFactory.getLogger(DomainUserDetailsService.class);
private UserRepository userRepository;
public DomainUserDetailsService(UserRepository userRepository) {
this.userRepository = userRepository;
}
@Override
@Transactional(readOnly = true)
public UserDetails loadUserByUsername(final String login) {
log.debug("Authenticating {}", login);
User user = userRepository.findOneWithAuthoritiesByEmail(login).get();
return new UserDetails(user, 22L);
}
UserDetails.java
public class UserDetails implements org.springframework.security.core.userdetails.UserDetails {
private User user;
private Long companyId = 0L;
public User getUser() {
return user;
}
public void setUser(User user) {
this.user = user;
}
public Long getCompanyId() {
return companyId;
}
public void setCompanyId(Long companyId) {
this.companyId = companyId;
}
public UserDetails(User user, Long companyId) {
this.user = user;
this.companyId = companyId;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return user.getAuthorities().stream().map(authority -> new SimpleGrantedAuthority(authority.getName().toString())).collect(Collectors.toList());
}
public Long getId() {
return user.getId();
}
@Override
public String getPassword() {
return user.getPassword();
}
@Override
public String getUsername() {
return user.getLogin();
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
public User getUserDetails() {
return user;
}
}
SecurityConfiguration.java
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Import(SecurityProblemSupport.class)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private final AuthenticationManagerBuilder authenticationManagerBuilder;
private final UserDetailsService userDetailsService;
private final TokenProvider tokenProvider;
private final CorsFilter corsFilter;
private final SecurityProblemSupport problemSupport;
public SecurityConfiguration(AuthenticationManagerBuilder authenticationManagerBuilder, @Qualifier("domainUserDetailsService") UserDetailsService userDetailsService, TokenProvider tokenProvider, CorsFilter corsFilter, SecurityProblemSupport problemSupport) {
this.authenticationManagerBuilder = authenticationManagerBuilder;
this.userDetailsService = userDetailsService;
this.tokenProvider = tokenProvider;
this.corsFilter = corsFilter;
this.problemSupport = problemSupport;
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
......
SecurityUtils.java
public static UserDetails getCurrentUserDetail() {
SecurityContext securityContext = SecurityContextHolder.getContext();
Authentication authentication = securityContext.getAuthentication();
if (authentication != null) {
if (authentication.getPrincipal() instanceof UserDetails) {
UserDetails springSecurityUser = (UserDetails) authentication.getPrincipal();
return springSecurityUser;
}
}
return null;
}
问题在于,在SecurityUtils中,authentication.getPrincipal()。getClass()始终为org.springframework.security.core.userdetails.User类型的类。
我希望它是UserDetails类型。
编辑
该代码确实通过DomainUserDetailsService,正如我在日志中看到的那样。
我认为问题与在TokenProvider.java中的用户身份验证期间调用的createToken期间在UserJWTController.java中的身份验证被覆盖有关
最佳答案
您应该覆盖configure(AuthenticationManagerBuilder auth),而不是@Autowired public void configureGlobal
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
关于java - 如何从jHipster中的SecurityContextHolder检索自定义UserDetails?,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/55778322/