我有一个用于登录的 Spring 控制器，在输入正确的凭据时它应当在响应中返回用户详细信息（角色、用户名），但实际上只返回了 JWT 令牌和用户名。这是 API 的响应：
{
"username": "adam",
"token": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhZGFtIiwicm9sZXMiOlsiUk9MRV9BRE1JTiJdLCJpYXQiOjE1NTcyMzUxMTMsImV4cCI6MTU1NzIzODcxM30.PksRTzgYu6r79KNmc4YDNXGqO1Ke63oOzzoPjURUY9k"
}
我的控制器:
package com.example.demo.controller;
import com.example.demo.domain.User;
import com.example.demo.repository.UserRepository;
import com.example.demo.security.jwt.JwtTokenProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.web.bind.annotation.*;
import java.util.HashMap;
import java.util.Map;
import static org.springframework.http.ResponseEntity.ok;
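@RestController
@RequestMapping("/auth")
public class AuthController {

    @Autowired
    AuthenticationManager authenticationManager;

    @Autowired
    JwtTokenProvider jwtTokenProvider;

    @Autowired
    UserRepository users;

    /**
     * Authenticates the supplied credentials and returns a JWT together with the
     * username and the roles stored for that account.
     *
     * <p>The roles are read from the persisted {@link User} loaded via
     * {@code users.findByUsername}, not from the request body. The request body is
     * client-controlled: its {@code roles} list is whatever the caller sent (or empty),
     * which is why the original response never carried the real roles. The whole JPA
     * entity is still bound from the request, so any of its fields ({@code id},
     * {@code enabled}, {@code roles}) can be set by the caller; nothing here persists
     * that object, but a dedicated login DTO would make that explicit.
     *
     * @param user request body; only {@code username} and {@code password} are used
     * @return 200 with {@code username}, {@code token} and {@code roles}
     * @throws BadCredentialsException if authentication fails or the username is not
     *     found; both collapse to one generic message so the response does not reveal
     *     which usernames exist
     */
    @PostMapping("/signin")
    public ResponseEntity<Map<String, Object>> signin(@RequestBody User user) {
        String username = user.getUsername();
        try {
            authenticationManager.authenticate(
                    new UsernamePasswordAuthenticationToken(username, user.getPassword()));

            // Authoritative account record; the request-body User is untrusted input.
            User account = this.users.findByUsername(username)
                    .orElseThrow(() -> new UsernameNotFoundException("Username " + username + " not found"));
            String token = jwtTokenProvider.createToken(username, account.getRoles());

            Map<String, Object> model = new HashMap<>();
            model.put("username", username);
            model.put("token", token);
            model.put("roles", account.getRoles());
            return ok(model);
        } catch (AuthenticationException e) {
            // Keep the original failure as the cause for server-side logging; the client
            // only ever sees the generic message.
            throw new BadCredentialsException("Invalid username/password supplied", e);
        }
    }
}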
我的实体：
package com.example.demo.domain;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonSetter;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import javax.persistence.*;
import javax.validation.constraints.Email;
import javax.validation.constraints.NotEmpty;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import static java.util.stream.Collectors.toList;
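@Entity
@Table(name="users")
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
public class User implements UserDetails {
    private static final long serialVersionUID = 357523406648925755L;

    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private Long id;

    @NotEmpty
    @Column(name="username")
    private String username;

    @Column(name="firstname")
    private String firstName;

    @Column(name="lastname")
    private String lastName;

    @NotEmpty
    @Column(name="password")
    private String password;

    @Column(name = "email")
    @NotEmpty()
    private String email;

    // Persisted account switch; see isEnabled() below.
    @Column(name = "enabled")
    private boolean enabled;

    // NOTE(review): with @Builder.Default, some Lombok releases drop this initializer for
    // the @NoArgsConstructor path (the one Jackson uses for a request body), so roles can
    // be null on a deserialized instance — confirm against the Lombok version in use.
    @ElementCollection(fetch = FetchType.EAGER)
    @Builder.Default
    private List<String> roles = new ArrayList<>();

    /** Maps each stored role name to a {@link SimpleGrantedAuthority}. */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return this.roles.stream().map(SimpleGrantedAuthority::new).collect(toList());
    }

    /** Never serialized to JSON (see {@code @JsonIgnore}); only accepted on input via the setter. */
    @JsonIgnore
    @Override
    public String getPassword() {
        return this.password;
    }

    /** Explicit setter so Jackson can still populate the password on deserialization. */
    @JsonSetter
    public void setPassword(String password) {
        this.password = password;
    }

    @Override
    public String getUsername() {
        return this.username;
    }

    @JsonIgnore
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @JsonIgnore
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @JsonIgnore
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    /**
     * Returns the persisted {@code enabled} flag.
     *
     * <p>Previously this returned {@code true} unconditionally, so the {@code enabled}
     * column had no effect and a disabled account could still sign in. Spring's
     * authentication provider rejects users whose {@code isEnabled()} is false, so
     * existing rows (and builder-created users) must have {@code enabled} set to
     * {@code true} for login to keep working.
     */
    @Override
    public boolean isEnabled() {
        return this.enabled;
    }
}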