Spring Security - 实现UserDetailsS​​ervice

时间:2017-03-22 14:03:03

标签: java spring spring-mvc

我知道如果我将它作为方法参数包含在内,Spring会将主体传递给控制器​​的方法。

我正在尝试通过实施UserDetailsService来扩展此功能:

我创建了一个名为CustomUserDetails的类,扩展了org.springframework.security.core.userdetails.User

我创建了一个名为CustomUserDetailsService的服务来实现UserDetailsService

异常

  

HTTP状态500 - 请求处理失败;嵌套异常是   java.lang.ClassCastException:   org.springframework.security.authentication.UsernamePasswordAuthenticationToken   无法转换为com.demo.model.CustomUserDetails

我的控制器方法中的以下行是抛出异常:

CustomUserDetails userDetails = (CustomUserDetails) principal;

Controller.java 

@RequestMapping(value = "/dashboard", method = RequestMethod.GET)
    public ModelAndView displayHomePage(ModelAndView modelAndView, Principal principal, HttpServletRequest request) {

        // Throws exception here 
        CustomUserDetails userDetails = (CustomUserDetails) principal;      

        System.out.println(userDetails.getFirstName());

        // Tried this and it also throws exception
        // User cannot be cast to CustomUserDetails
        //Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        //CustomUserDetails userDetails = (CustomUserDetails)auth.getPrincipal();

        // Render template located at
        // src/main/resources/templates/dashboard.html
        modelAndView.setViewName("dashboard");

        return modelAndView;
    }

SecurityConfiguration.java 

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private BCryptPasswordEncoder bCryptPasswordEncoder;

    @Autowired
    private DataSource dataSource;

    @Value("${spring.queries.users-query}")
    private String usersQuery;

    @Value("${spring.queries.roles-query}")
    private String rolesQuery;

    @Autowired
    SecurityHandler successHandler;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication().usersByUsernameQuery(usersQuery).authoritiesByUsernameQuery(rolesQuery)
                .dataSource(dataSource).passwordEncoder(bCryptPasswordEncoder);
    }


    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests().antMatchers("/").permitAll().antMatchers("/register*").permitAll()
                .antMatchers("/reset").permitAll().antMatchers("/forgot").permitAll().antMatchers("/grid").permitAll()
                .antMatchers("/login").permitAll().antMatchers("/admin/**").hasAuthority("ADMIN").anyRequest()
                .authenticated().and().formLogin().loginPage("/login").failureUrl("/login?error")
                .defaultSuccessUrl("/dashboard").successHandler(successHandler).usernameParameter("email")
                .passwordParameter("password").and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .logoutSuccessUrl("/login?logout").and().exceptionHandling().accessDeniedPage("/access-denied");

    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/error**", "/resources/**", "/static/**", "/css/**", "/js/**", "/img/**");
    }

}

CustomUserDetails.java 

public class CustomUserDetails extends org.springframework.security.core.userdetails.User {

    public CustomUserDetails(String username, String password,
         Collection<? extends GrantedAuthority> authorities) {            
        super(username, password, authorities);
    }

    private String firstName;
    private String lastName;


    public String getFirstName() {
        return firstName;
    }

    public void setFirstName(String firstName) {
        this.firstName = firstName;
    }

    public String getLastName() {
        return lastName;
    }

    public void setLastName(String lastName) {
        this.lastName = lastName;
    }

}

CustomUserDetailsS​​ervice.java 

@Service
public class CustomUserDetailsService implements UserDetailsService{

    @Override
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException{         

        if(StringUtils.isEmpty(userName)) 
            throw new UsernameNotFoundException("User name is empty");

        //if you don't use authority based security, just add empty set
        Set<GrantedAuthority> authorities = new HashSet<>();
        CustomUserDetails userDetails = new CustomUserDetails(userName, "", authorities);            

        userDetails.setFirstName("Testing: " + new Date());


        return userDetails;
    }

}

2 个答案:

答案 0 :(得分:0)

WebSecurityConfigurerAdapter

,您需要添加注册自定义详细信息服务:

auth.userDetailsService(customDetailService) 

     @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication().usersByUsernameQuery(usersQuery).authoritiesByUsernameQuery(rolesQuery)
                .dataSource(dataSource).passwordEncoder(bCryptPasswordEncoder);
    }

答案 1 :(得分:0)

将您的控制器更改为:

CONTROLLER 

@RequestMapping(value = "/dashboard", method = RequestMethod.GET)
public ModelAndView displayHomePage(ModelAndView modelAndView, Authentication authentication, HttpServletRequest request) {

    CustomUserDetails userDetails = (CustomUserDetails) authentication.getPrincipal;

请注意,它将返回一个Authentication对象。

相关问题
最新问题