我正在尝试向Principal中的Spring Security对象添加其他属性。因此我实现了


实现UserDetails的CustomUser对象
实现UserDetailsService的CustomUserService。


CustomUser：

@Entity
public class CustomUser implements UserDetails { ... }

@Service
public class CustomUserService implements UserDetailsService {

    @Autowired
    private CustomUserRepository customUserRepository;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

        CustomUser customUser = this.customUserRepository.findByUsername(username);

        return new User(customUser.getUsername(), customUser.getPassword(), true, true, true, true,
            customUser.getAuthorities());
    }
}

<beans:bean id="customUserDetailsService" class="project.service.CustomUserService"></beans:bean>

<authentication-manager>
    <authentication-provider user-service-ref="customUserDetailsService" />
</authentication-manager>

Authentication auth = SecurityContextHolder.getContext().getAuthentication();
CustomUser user = (CustomUser) auth.getPrincipal();

java.lang.ClassCastException: org.springframework.security.core.userdetails.User cannot be cast to project.entity.CustomUser

作为CustomUser implements UserDetails

但是，您将返回新的User（...）并强制转换为类型不匹配的CustomUser，因此您收到了ClassCastException。
您必须直接返回CustomUser类型，如下所示。

   @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

        return this.customUserRepository.findByUsername(username);

public class CustomUser extends org.springframework.security.userdetails.User {.....}

@Entity
public class UserEntity {...}

public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

 UserEntity userEntity = this.customUserRepository.findByUsername(username);

 CustomUser customUser = new CustomUser( userEntity.getUsername(), userEntity.getPassword()........);

 return customUser;
}

 CustomUser customUser = (CustoomUser) authentication.getPrincipal();