Am使用带有弹簧保护装置的弹簧靴2.2.4。面临的问题是,每次用新用户登录时,主体用户名都将重置为新登录用户的详细信息,为什么。但是,正如我观察到的,会话ID仍然正确。我不了解这种行为。有什么主意吗?
@EnableWebSecurity
public class IctSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
PasswordEncoder passwordEncoder;
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
//URLs matching for access rights
.antMatchers("/").permitAll()
.antMatchers("/signup").permitAll()
.antMatchers("/signin").permitAll()
.antMatchers("/ict/**/**").permitAll()
.antMatchers("/user/queue/reply").hasAnyAuthority(RolesConst.APP_USER)
.antMatchers("/find").hasAnyAuthority(RolesConst.APP_USER)
//.anyRequest().authenticated()
.and()
//form login
.csrf().disable().formLogin()
.loginPage("/login")
.failureUrl("/login?error=true")
.defaultSuccessUrl("/dashboard")
.and()
//logout
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login").and()
.exceptionHandling()
.accessDeniedPage("/access-denied");
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
//return NoOpPasswordEncoder.getInstance();
}
}
UserDetails服务
@Service
public class IctUserDetailsService implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
//return new IctUserDetails(username);
Optional<UserEntity> user = userRepository.findByUsername(username);
user.orElseThrow(() -> new UsernameNotFoundException("Not found: " + username));
//UserController.groupname(username);
return user.map(IctUserDetails::new).get();
}
}
UserDetails类
public class IctUserDetails implements UserDetails {
private static final long serialVersionUID = 1L;
public static String username;
private String password;
private List<? extends GrantedAuthority> authorities;
public IctUserDetails() {
}
public IctUserDetails(UserEntity userEntity) {
this.username = userEntity.getUsername();
this.password = userEntity.getPassword();
List<SimpleGrantedAuthority> authoriteis = getRoleAuthoritiesFromUserEntity(userEntity);
this.authorities = authoriteis;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return authorities;
}
@Override
public String getPassword() {
return password;
}
@Override
public String getUsername() {
return this.username;
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
/**
* Get list of role authorities from current user entity
* @param userRoleEntities
* @return
*/
@Transactional
private List<SimpleGrantedAuthority> getRoleAuthoritiesFromUserEntity(UserEntity userEntity) {
Collection<UserRoleEntity> userRoleEntities = userEntity.getUserRoleEntities();
List<SimpleGrantedAuthority> authoriteis = userRoleEntities
.stream()
.map(ur -> ur.getRole().getRoleName())
.map(SimpleGrantedAuthority::new)
.collect(Collectors.toList());
return authoriteis;
}
}
答案 0 :(得分:0)
所以,这就是问题所在。我在UserDetails类中已将用户名声明为静态
public static String username;。
我已将其更改为private String username;,现在一切都很好。谢谢。