如何在Spring启动应用程序中获得具有spring security和Redis的当前经过身份验证的用户Principal

时间:2017-01-21 08:31:33

标签: spring-security redis jwt spring-session

我希望使用Spring安全性和Json Web Token(JWT)来保护我的服务,并且还使用spring会话将登录用户存储在redis中。因此,当用户发送登录请求时,我对用户进行身份验证并发送生成的令牌作为响应,如下所示:

public ResponseEntity<?> createAuthenticationToken(@RequestBody JwtAuthenticationRequest authenticationRequest, Device device) throws AuthenticationException {

    // Perform the security
    final Authentication authentication = authenticationManager.authenticate(
            new UsernamePasswordAuthenticationToken(
                    authenticationRequest.getUsername(),
                    authenticationRequest.getPassword()
            )
    );
    SecurityContextHolder.getContext().setAuthentication(authentication);


    final UserDetails userDetails = userDetailsService.loadUserByUsername(authenticationRequest.getUsername());
    final String token = jwtTokenUtil.generateToken(userDetails, device);

    // Return the token
    return ResponseEntity.ok(new JwtAuthenticationResponse(token));
}

我还将该用户添加到会话(支持Redis会话):

HttpSession session = request.getSession(false);
    if (session != null) {
        session.setMaxInactiveInterval(30 * 600);
        JwtUser user = (JwtUser) authentication.getPrincipal();
        session.setAttribute("user", user);

    }

在我检查redis之后,我看到用户会话已经设置为redis。然后下一个用户请求我想验证我需要获取当前登录用户的令牌,当我获得身份验证时它是我的问题它返回&#34; anonymousUser&# 34; 

        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

我看到debug screen Principal返回anonymousUser。

我也尝试如下:

@RequestMapping(value = "/username", method = RequestMethod.GET)
@ResponseBody
public String currentUserNameSimple(HttpServletRequest request) {
    Principal principal = request.getUserPrincipal();
    return principal.getName();
}

但是校长是空的。

我的redis配置:

@Configuration
@EnableRedisHttpSession 
public class RedisConfig implements BeanClassLoaderAware {

private ClassLoader loader;


@Bean(name = { "defaultRedisSerializer", "springSessionDefaultRedisSerializer" })
public RedisSerializer<Object> springSessionDefaultRedisSerializer() {
    return new GenericJackson2JsonRedisSerializer(objectMapper());

}

@Bean
public HttpSessionStrategy httpSessionStrategy() {
        return new HeaderHttpSessionStrategy(); 
}

@Bean
JedisConnectionFactory jedisConnectionFactory() {
    JedisConnectionFactory jedisConFactory = new JedisConnectionFactory();
    jedisConFactory.setHostName("localhost");
    jedisConFactory.setPort(6379);
    return jedisConFactory;
}

ObjectMapper objectMapper() {
    ObjectMapper mapper = new ObjectMapper();
    mapper.registerModules(SecurityJackson2Modules.getModules(this.loader));
    return mapper;
}

public void setBeanClassLoader(ClassLoader classLoader) {
    this.loader = classLoader;
}

}

Maven依赖项:

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-tomcat</artifactId>
        <scope>provided</scope>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-mail</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-thymeleaf</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-test</artifactId>
        <scope>test</scope>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-configuration-processor</artifactId>
        <optional>true</optional>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-thymeleaf</artifactId>
        <version>1.4.3.RELEASE</version>
    </dependency>

    <!-- https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-core -->




    <!-- Password Validation -->
    <dependency>
        <groupId>org.passay</groupId>
        <artifactId>passay</artifactId>
        <version>${passay.version}</version>
    </dependency>




    <dependency>
        <groupId>org.springframework.mobile</groupId>
        <artifactId>spring-mobile-device</artifactId>
        <version>1.1.4.RELEASE</version>
    </dependency>

    <!--JWT -->
    <dependency>
        <groupId>io.jsonwebtoken</groupId>
        <artifactId>jjwt</artifactId>
        <version>0.7.0</version>
    </dependency>

    <dependency>
        <groupId>az.com.cybernet.utilities</groupId>
        <artifactId>utilities</artifactId>
        <version>0.0.1</version>
        <scope>compile</scope>
    </dependency>
    <dependency>
        <groupId>az.com.cybernet.beans</groupId>
        <artifactId>disieibeans</artifactId>
        <version>0.0.1</version>
        <scope>compile</scope>
    </dependency>



    <!-- DB dependencies -->
    <dependency>
        <groupId>org.postgresql</groupId>
        <artifactId>postgresql</artifactId>
        <version>9.4-1200-jdbc41</version>
    </dependency>




    <dependency>
        <groupId>javax.el</groupId>
        <artifactId>el-api</artifactId>
        <version>2.2</version>
    </dependency>


    <dependency>
        <groupId>net.logstash.logback</groupId>
        <artifactId>logstash-logback-encoder</artifactId>
        <version>4.8</version>
    </dependency>



    <!-- REDIS -->
    <dependency>
        <groupId>org.springframework.session</groupId>
        <artifactId>spring-session-data-redis</artifactId>
        <version>2.0.0.BUILD-SNAPSHOT</version>
        <type>pom</type>
    </dependency>
        <dependency>
        <groupId>redis.clients</groupId>
        <artifactId>jedis</artifactId>
        <version>2.5.1</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-core</artifactId>
        <version>4.2.0.RELEASE</version>
    </dependency>




</dependencies>

没有Redis,一切都运行良好,但是使用redis我无法获得当前经过身份验证的用户的主体

如何解决这个问题请帮助,谢谢!

2 个答案:

答案 0 :(得分:1)

我解决了我的问题。我用生菜客户端更改了jedis客户端,如下所示:

     <dependency>
        <groupId>biz.paluch.redis</groupId>
        <artifactId>lettuce</artifactId>
        <version>3.5.0.Final</version>
    </dependency>

My Principal为null,因为cookie名为&#34; JSESSIONID&#34;没有用Jedis客户端创建,所以用生菜3.5.0.Final版本解决了。

@EnableRedisHttpSession
public class RedisConfig {
@Bean
public LettuceConnectionFactory connectionFactory() {
    return new LettuceConnectionFactory();
}

@Bean
public CookieSerializer cookieSerializer() {
    DefaultCookieSerializer serializer = new DefaultCookieSerializer();
    serializer.setCookieName("JSESSIONID"); // <1>
    serializer.setCookiePath("/"); // <2>
    serializer.setDomainNamePattern("^.+?\\.(\\w+\\.[a-z]+)$"); // <3>
    return serializer;
}
}

答案 1 :(得分:0)

Similar Question Asked Here.

使用auth-key / sessionId调用redisOperationsSessionRepository。

希望有所帮助:)

相关问题
最新问题