Question

我正在使用mongodb复制会话

以下是我正在使用的配置

@Configuration
@EnableMongoHttpSession
public class MongoSessionReplication {

@Bean
public AbstractMongoSessionConverter mongoSessionConverter() {
    List<Module> securityModules = SecurityJackson2Modules.getModules(getClass().getClassLoader());
    return new JacksonMongoSessionConverter(securityModules);
}
@Bean
public MongoTemplate mongoTemplate(@Qualifier("replicaSet") Datastore replicaSet){
   MongoTemplate mongoTemplate = new MongoTemplate(replicaSet.getMongo(),replicaSet.getDB().getName());
   return mongoTemplate;
}

}

现在一切正常，但是在登录后Spring安全性创建的Principal对象除外。我有UserDetails

的自定义实现

public class PortalUser extends User {

    private String primaryEmailId;

    private String redirectUrl;

    public PortalUser(String username, String password, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities) {
        super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
    }
    public PortalUser(String username, String password, Collection<? extends GrantedAuthority> authorities) {
        super(username, password, true, true, true, true, authorities);
    }

    public String getPrimaryEmailId() {
        return primaryEmailId;
    }

    public void setPrimaryEmailId(String primaryEmailId) {
        this.primaryEmailId = primaryEmailId;
    }

    public String getRedirectUrl() {
        return redirectUrl;
    }

    public void setRedirectUrl(String redirectUrl) {
        this.redirectUrl = redirectUrl;
    }
}

以下是UserDetailsService

@Service
public class PortalUserDetailService implements UserDetailsService {

    @Autowired
    private SSOServiceAPI ssoServiceAPI;

    @Autowired
    private UserProfileService userProfileService;

    @Override
    public UserDetails loadUserByUsername(String hexId) throws UsernameNotFoundException {
        UserProfile userProfile = userProfileService.getUserProfileByUserId(hexId);
        List<GrantedAuthority> grantedAuthority = new ArrayList<GrantedAuthority>();
        if(userProfile!=null) {
            grantedAuthority.add(new SimpleGrantedAuthority(userProfile.getSsmRoles().name()));
        } else {
            grantedAuthority.add(new SimpleGrantedAuthority("USER"));
        }
        SSOUsers ssoUser = ssoServiceAPI.findSSOUser(hexId, false);
        PortalUser portalUser = new PortalUser(hexId, hexId, true, true, true, true, grantedAuthority);
        portalUser.setPrimaryEmailId(ssoUser.getPrimaryUserId());
        return portalUser;

    }
}

控制器

public String getAllProducts(@RequestParam(value = "callback", required = true) String callback, Principal principal, HttpServletRequest request) {

    String hexId = principal.getName();
    String primaryEmailId = ((PortalUser) ((UsernamePasswordAuthenticationToken) principal).getPrincipal()).getPrimaryEmailId(); //----->> this line fails

}

上面突出显示的类型转换失败，因为它返回UserDetails的实例，而不是我的自定义PortalUser。但是，当我禁用spring-session replication ..时，这不是一个例子。

Answer 1

您需要实现Spring的Security UserDetails，而不是User。

将MyUser更新为以下内容：

public class SecUserDetails implements UserDetails {

    private User user;

    public SecUserDetails(User user) {
        this.user = user;
    }
    ......
    ......
    ......
}

使用mongodb的Spring会话复制无法按预期工作

1 个答案: