如何从春季保安获得一个领域?

时间:2016-04-05 15:44:13

标签: spring spring-mvc spring-security

MODEL 

@Column(name="id_usr_adm_tkn")
private int id;

@Column(name="npp_usr_adm_tkn")
private String npp;

@Column(name="jbtn_usr_adm_tkn")
private String jabatan;
@Id
@Column(name="username_usr_adm_tkn")
private String username;

@Column(name="password_usr_adm_tkn")
private String password;
//describes the tables in the database
@Column(name="email_usr_adm_tkn")
private String email;

@Column(name="nm_adm_usr_tkn")
private String nama;

@Column(name="ktk_adm_usr_tkn")
private String kontak;

@Column(name="sts")
private int sts;

@Column(name="id_wlyh")
private int id_wlyh;

弹簧security.xml文件 

<authentication-manager>
    <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="select username_usr_adm_tkn,password_usr_adm_tkn, sts from adm_tkn_tebel where username_usr_adm_tkn=?"
            authorities-by-username-query="select username, role from roles where username =?  " />
    </authentication-provider>
</authentication-manager>

我可以从spring security中检索用户名,使用类似这样的步骤

 Authentication auth = SecurityContextHolder.getContext().getAuthentication();
                UserDetails userDetail = (UserDetails) auth.getPrincipal();
                String admin = userDetail.getUsername();

问题在于我无法获得其他字段,例如&#34; id_wlyh &#34; ?怎么办呢?

1 个答案:

答案 0 :(得分:0)

您必须创建自己的身份验证提供程序

 <authentication-manager>
        <authentication-provider ref="myprovider" />
 </authentication-manager>

该课程将如下所示:

@Component("myprovider")
public class MyProvider extends AbstractUserDetailsAuthenticationProvider {

    @Autowired
    private UserDao userdao;

    @Override
    public void additionalAuthenticationChecks(final UserDetails arg0, final UsernamePasswordAuthenticationToken arg1) throws AuthenticationException {
        // Nothing
    }

    @Override
    protected UserDetails retrieveUser(final String username, final UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        MyUser u = userdao.getUser(username);
        if (u != null) {
            return u;
        }else{
            throw new BadCredentialsException("user invalid");
        }
    }

}

您必须创建用户类,根据需要添加任意数量的字段:

public class MyUser extends org.springframework.security.core.userdetails.User {
}

然后在访问主体时,您可以将其转换为您自己的定义:

Authentication auth = SecurityContextHolder.getContext().getAuthentication();
MyUser userDetail = (MyUser) auth.getPrincipal();

通过这种方式,您可以访问所需的任何数据

相关问题
最新问题