2014-10-19 142 views
6

How to create a custom UserDetail object in Spring Security

I have created my custom Authentication manager for Spring Security, which looks like this:

public class AccountAuthenticationProvider implements AuthenticationProvider{ 

    @Autowired 
    private AuthenticationService authService; 

    @Override 
    public Authentication authenticate(Authentication authentication) throws AuthenticationException { 

     String userName = authentication.getName(); 
     String password = (String)authentication.getCredentials(); 

     if(authService.isValid(userName,password)){ 
      List<GrantedAuthority> grantedAuthorityList = new ArrayList<GrantedAuthority>(); 
      grantedAuthorityList.add(new SimpleGrantedAuthority("ROLE_USER")); 
      SecurityContext securityContext = new SecurityContextImpl(); 
      return new UsernamePasswordAuthenticationToken(userName,password); 
     } 

     return null; 
    } 


    public void setAuthService(AuthenticationService authService) { 
     this.authService = authService; 
    } 

    @Override 
    public boolean supports(Class<?> authentication) { 
     return true; 
    } 

} 

But how do I create my own custom UserDetail object? I will use it to store account-related values.

Answers

3

You need to implement UserDetailsService and override the loadUserByUsername method to return your custom UserDetails class. Like this -

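import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

// Users, UserRole and UserDaoImpl are the application's own classes.
public class UserServiceImpl implements UserDetailsService {

    @Autowired
    UserDaoImpl userDao;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        System.out.println(username);
        Users user = (Users) userDao.findByUserName(username);
        if (user == null) {
            // The UserDetailsService contract is to throw, never to return null
            throw new UsernameNotFoundException("User not found");
        }
        List<GrantedAuthority> authorities = buildUserAuthority(user.getUserRoles());
        System.out.println("after....");
        return buildUserForAuthentication(user, authorities);
    }

    // Convert the application's roles into Spring Security authorities (duplicates removed)
    private List<GrantedAuthority> buildUserAuthority(Set<UserRole> userRoles) {
        Set<GrantedAuthority> setAuths = new HashSet<GrantedAuthority>();
        for (UserRole userRole : userRoles) {
            System.out.println("called buildUserAuthority(Set<UserRole> userRoles) method.....");
            setAuths.add(new SimpleGrantedAuthority(userRole.getRole()));
        }

        List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>(setAuths);
        return grantedAuthorities;
    }

    private User buildUserForAuthentication(Users user, List<GrantedAuthority> authorities) {
        //accountNonExpired, credentialsNonExpired, accountNonLocked, authorities properties
        System.out.println("called buildUserForAuthentication(Users user, List<GrantedAuthority> authorities) method....");
        return new User(user.getUsername(), user.getPassword(), user.getEnabled(), true, true, true, authorities);
    }
}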
+0

Same answer as the other one. – Patrick 2016-02-05 09:15:21

2

You were almost there!

if(authService.isValid(userName,password)) { 
    List<GrantedAuthority> grantedAuthorityList = new ArrayList<GrantedAuthority>(); 
    grantedAuthorityList.add(new SimpleGrantedAuthority("ROLE_USER")); 
    MyObject myObj = new MyObject(userName, password, otherInfo); 
    return new UsernamePasswordAuthenticationToken(myObj,"", grantedAuthorityList);
} 

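The first parameter of UsernamePasswordAuthenticationToken is the principal. The principal is the object in your system that represents the person (or thing) that just logged in.

Before authentication, the principal is just the (String) username, because that is all the information you have at that point. After login you can gather other information to go with the user.

Spring provides the interfaces User, UserDetails and UserDetailsService to help manage users and do Spring-y things with users, so if you make MyObject implement UserDetails you can get some extra benefits from the Spring environment, but it is not necessary; you can stick with just your MyObject.

In your controller (in Spring 4) you can use @AuthenticationPrincipal to inject the user object into the call, for example: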

@RequestMapping(method = RequestMethod.GET, value = "/foo/{bar}") 
public SomeObject myCommand(@AuthenticationPrincipal MyObject user, @PathVariable String bar);
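
An added example (not code from the question or from either answer): one way to write the custom principal the second answer describes, as a class that implements UserDetails and carries extra account values. The class name AccountUserDetails, the fields accountId and displayName, and the helper toAuthentication() are assumptions chosen for illustration.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.CredentialsContainer;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical principal: accountId and displayName are placeholder fields
// for whatever account-related values the application needs.
public class AccountUserDetails implements UserDetails, CredentialsContainer {

    private final String username;
    private String password; // not final: cleared by eraseCredentials()
    private final long accountId;
    private final String displayName;
    private final List<GrantedAuthority> authorities;

    public AccountUserDetails(String username, String password, long accountId,
            String displayName, Collection<? extends GrantedAuthority> authorities) {
        this.username = username;
        this.password = password;
        this.accountId = accountId;
        this.displayName = displayName;
        this.authorities = Collections.unmodifiableList(new ArrayList<GrantedAuthority>(authorities));
    }

    // Token for a custom AuthenticationProvider to return after the password check.
    // The three-argument constructor marks it authenticated; credentials stay null.
    public Authentication toAuthentication() {
        return new UsernamePasswordAuthenticationToken(this, null, authorities);
    }

    public long getAccountId() { return accountId; }
    public String getDisplayName() { return displayName; }

    @Override public Collection<? extends GrantedAuthority> getAuthorities() { return authorities; }
    @Override public String getPassword() { return password; }
    @Override public String getUsername() { return username; }
    @Override public boolean isAccountNonExpired() { return true; }
    @Override public boolean isAccountNonLocked() { return true; }
    @Override public boolean isCredentialsNonExpired() { return true; }
    @Override public boolean isEnabled() { return true; }

    // ProviderManager erases credentials on the returned token by default, and the
    // token passes the call on to a principal that implements CredentialsContainer.
    @Override public void eraseCredentials() { this.password = null; }
}
```

A controller method can then declare `@AuthenticationPrincipal AccountUserDetails user` and read `user.getAccountId()` directly.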