【发布时间】:2019-09-10 16:44:10
【问题描述】:
我是 jHipster 的新手,我正在尝试将用户与公司 ID 相关联,以便根据所述公司 ID 限制他们可以访问的实体。
我希望能够使用 SecurityContext 来存储我自定义的 UserDetails 实现。 我已经遵循了多个教程,但似乎无法使其正常工作:SecurityContext 返回的对象始终是 org.springframework.security.core.userdetails.User 类型,因此无法将其转换为我实现的 UserDetails 类.
DomainUserDetailsService.java
@Service("domainUserDetailsService")
public class DomainUserDetailsService implements UserDetailsService {
private final Logger log = LoggerFactory.getLogger(DomainUserDetailsService.class);
private UserRepository userRepository;
public DomainUserDetailsService(UserRepository userRepository) {
this.userRepository = userRepository;
}
@Override
@Transactional(readOnly = true)
public UserDetails loadUserByUsername(final String login) {
log.debug("Authenticating {}", login);
User user = userRepository.findOneWithAuthoritiesByEmail(login).get();
return new UserDetails(user, 22L);
}
UserDetails.java
public class UserDetails implements org.springframework.security.core.userdetails.UserDetails {
private User user;
private Long companyId = 0L;
public User getUser() {
return user;
}
public void setUser(User user) {
this.user = user;
}
public Long getCompanyId() {
return companyId;
}
public void setCompanyId(Long companyId) {
this.companyId = companyId;
}
public UserDetails(User user, Long companyId) {
this.user = user;
this.companyId = companyId;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return user.getAuthorities().stream().map(authority -> new SimpleGrantedAuthority(authority.getName().toString())).collect(Collectors.toList());
}
public Long getId() {
return user.getId();
}
@Override
public String getPassword() {
return user.getPassword();
}
@Override
public String getUsername() {
return user.getLogin();
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
public User getUserDetails() {
return user;
}
}
SecurityConfiguration.java
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Import(SecurityProblemSupport.class)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private final AuthenticationManagerBuilder authenticationManagerBuilder;
private final UserDetailsService userDetailsService;
private final TokenProvider tokenProvider;
private final CorsFilter corsFilter;
private final SecurityProblemSupport problemSupport;
public SecurityConfiguration(AuthenticationManagerBuilder authenticationManagerBuilder, @Qualifier("domainUserDetailsService") UserDetailsService userDetailsService, TokenProvider tokenProvider, CorsFilter corsFilter, SecurityProblemSupport problemSupport) {
this.authenticationManagerBuilder = authenticationManagerBuilder;
this.userDetailsService = userDetailsService;
this.tokenProvider = tokenProvider;
this.corsFilter = corsFilter;
this.problemSupport = problemSupport;
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
......
SecurityUtils.java
public static UserDetails getCurrentUserDetail() {
SecurityContext securityContext = SecurityContextHolder.getContext();
Authentication authentication = securityContext.getAuthentication();
if (authentication != null) {
if (authentication.getPrincipal() instanceof UserDetails) {
UserDetails springSecurityUser = (UserDetails) authentication.getPrincipal();
return springSecurityUser;
}
}
return null;
}
问题是在 SecurityUtils 中,authentication.getPrincipal().getClass() 的类型总是 org.springframework.security.core.userdetails.User。 我希望它是 UserDetails 类型。
编辑 代码确实通过 DomainUserDetailsService,我可以在日志中看到它。
我认为问题与在 UserJWTController.java 中的用户身份验证期间调用的 createToken 期间在 TokenProvider.java 中覆盖的身份验证有关
【问题讨论】:
-
log.debug("Authenticating {}", login);认证时能找到这个日志吗?你能分享你的 HttpSecurity 吗? -
什么是 tokenProvider ?
-
@chaoluo,是的,代码确实通过 log.debug("Authenticating {}", login); TokenProvider 是 jHipster 生成的一个类。这是example of it。通过它,我想我可能在
public Authentication getAuthentication(String token)中找到了我的问题 -
你能分享你的 HttpSecurtiy 吗?
-
你试过使用中间表吗?像
Employee和company_id和user_id作为字段?它对我有用,让我免于许多麻烦
标签: java spring-security jhipster