问题描述
我有以下UserDetailsService实现。
到目前为止,身份验证过程运行良好。
如何存储我的MyUser bean( 在会话中成功登录),以便我可以在我的应用程序的其他区域访问它
I have the following UserDetailsService implementation.
The authentication process is working great so far.
How do I store my "MyUser bean" (that logged in successfully ) in the "session" so i can get access to it in other areas in my application
谢谢。
@Transactional(readOnly = true)
public class CustomUserDetailsService implements UserDetailsService {
private EmployeesApi employeesApi = new EmployeesApi();
/**
* Retrieves a user record containing the user's credentials and access.
*/
public UserDetails loadUserByUsername(String userName)
throws UsernameNotFoundException, DataAccessException {
// Declare a null Spring User
UserDetails user = null;
try {
MyUser employee = employeesApi.getByUserName(userName);
user = new User(
employee.getUserName(),
employee.getPassword().toLowerCase(),
true,
true,
true,
true,
getAuthorities(1) );
} catch (Exception e) {
logger.error("Error in retrieving user");
throw new UsernameNotFoundException("Error in retrieving user");
}
}
....
推荐答案
Spring Security已经为您在会话中存储了 UserDetails
经过身份验证的用户。
Spring Security already stores UserDetails
of authenticated user in session for you.
因此,在会话中存储 MyUser
的最简单方法是实现包含的自定义 UserDetails
对 MyUser
的引用:
So, the easiest way to store MyUser
in session is to implement a custom UserDetails
that contains a reference to MyUser
:
public class MyUserDetails extends User {
private MyUser myUser;
public MyUserDetails(..., MyUser myUser) {
super(...);
this.myUser = myUser;
}
public MyUser getMyUser() {
return myUser;
}
...
}
并从你的 UserDetailsService
:
MyUser employee = employeesApi.getByUserName(userName);
user = new MyUserDetails(..., myUser);
然后您可以通过安全轻松访问 MyUser
context:
Then you can easily access MyUser
via security context:
MyUser myUser = ((MyUserDetails) SecurityContextHolder
.getContext().getAuthentication().getPrincipal()).getMyUser();
在Spring MVC控制器中:
In Spring MVC controller:
@RequestMapping(...)
public ModelAndView someController(..., Authentication auth) {
MyUser myUser = ((MyUserDetails) auth.getPrincipal()).getMyUser();
...
}
在JSP中:
<security:authentication var = "myUser" property="principal.myUser" />
这篇关于Spring安全性从更深层访问UserDetailsService的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!