我正在尝试让用户使用Authentication,如下所示,但getAuthentication()正在返回null。
我认为原因是用户名方法加载不会被调用。
@Bean
@Scope(value = WebApplicationContext.SCOPE_SESSION, proxyMode = ScopedProxyMode.TARGET_CLASS)
public AppUser user() {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
return (AppUser) auth.getPrincipal();
}
安全配置类:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class AppSecurityConfig extends WebSecurityConfigurerAdapter {
private static final String DEFAULT_USER = "ROLE_USER";
private final Logger log = LoggerFactory.getLogger(this.getClass());
private boolean disablePrincipalChanges;
@Autowired
private AppPreAuthUserDetailsService preAuthUserDetailsService;
@Autowired
protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
System.out.println("Inside configureGlobal(AuthenticationManagerBuilder auth)..");
auth.authenticationProvider(preAuthAuthenticationProvider());
}
@Bean
public PreAuthenticatedAuthenticationProvider preAuthAuthenticationProvider() {
log.info("Inside preAuthAuthenticationProvider()");
UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken> wrapper = null;
wrapper = new UserDetailsByNameServiceWrapper<PreAuthenticatedAuthenticationToken>(preAuthUserDetailsService);
PreAuthenticatedAuthenticationProvider preAuthenticatedAuthenticationProvider = new PreAuthenticatedAuthenticationProvider();
preAuthenticatedAuthenticationProvider.setPreAuthenticatedUserDetailsService(wrapper);
return preAuthenticatedAuthenticationProvider;
}
@Bean
public Filter preAuthFilter() throws Exception {
log.info("Inside preAuthFilter");
RequestHeaderAuthenticationFilter filter = new RequestHeaderAuthenticationFilter();
filter.setPrincipalRequestHeader("sm_user");
filter.setAuthenticationManager(authenticationManagerBean());
filter.setCheckForPrincipalChanges(disablePrincipalChanges);
filter.setInvalidateSessionOnPrincipalChange(disablePrincipalChanges);
return filter;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
log.info("Configuring pre-auth");
http
.csrf().disable();
http
.addFilter(preAuthFilter());
http
.authorizeRequests()
.antMatchers("/**").authenticated()
.antMatchers("/**").permitAll()
.anyRequest().authenticated()
.anyRequest().hasAuthority(UserAuthoritiesEnum.VIEW.getCNUserAuthoritiesEnum());
}
@Override
public void configure(WebSecurity web) throws Exception {
log.info("Inside configure(WebSecurity web)..");
web.ignoring().antMatchers("/resources/**", "/webjars/**", "/js/**", "/css/**");
}
}
AppPreAuthUserDetailsService:
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesUserDetailsService;
import org.springframework.stereotype.Service;
/**
*
*/
@Service
public class AppPreAuthUserDetailsService extends PreAuthenticatedGrantedAuthoritiesUserDetailsService implements
UserDetailsService {
private final Logger log = LoggerFactory.getLogger(this.getClass());
public UserDetails loadUserByUsername(String clientUserId) throws UsernameNotFoundException {
log.info("Load User By loadUserByUsername" + clientUserId);
System.out.println("Success");
AppUser clientUser = new AppUser();
clientUser.setUserId(clientUserId);
return clientUser;
}
}