是否可以从 Authentication 接口获取用户 ID?我只能获取到用户名。
/**
 * Handles a multipart POST to {@code /photo/} and hands the uploaded part, together with the
 * caller's {@link Authentication}, to {@code photoService.save}.
 *
 * <p>The caller's identity comes from the {@code Authentication} that Spring Security resolved
 * for the request, not from a request parameter, so a client cannot name another user here.
 *
 * @param photoData the multipart part named {@code data}
 * @param authentication the authenticated caller as resolved by the security filter chain
 * @return whatever {@code photoService.save} returns, serialized as the response body
 */
@RequestMapping(value = "/photo/", method = RequestMethod.POST, headers = {"content-type=multipart/form-data"})
@ResponseBody
public Photo addPhotoData(@RequestParam("data") MultipartFile photoData, Authentication authentication) {
    // getName() yields only the principal's name and the result is discarded here. Any further
    // identifier (such as a database id) has to be carried by the object behind getPrincipal().
    authentication.getName();
    // NOTE(review): no size or content-type check on photoData is visible in this method;
    // confirm that photoService.save or the multipart limits enforce one.
    return photoService.save(photoData, authentication);
}
安全配置:
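/**
 * Spring Security configuration for a stateless API: a login filter on {@code /user/login},
 * an authorization filter on every request, and a small set of endpoints open to anonymous
 * callers (sign-up, e-mail verification, password reset, H2 console, Swagger resources).
 */
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    private final UserService userDetailsService;
    private final BCryptPasswordEncoder bCryptPasswordEncoder;

    /**
     * @param userDetailsService loads accounts for credential checks
     * @param bCryptPasswordEncoder encoder used to verify stored password hashes
     */
    public SecurityConfiguration(UserService userDetailsService, BCryptPasswordEncoder bCryptPasswordEncoder) {
        this.userDetailsService = userDetailsService;
        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
    }

    /**
     * Declares which requests are public, installs the two custom filters and turns off
     * server-side sessions.
     *
     * @param http the builder supplied by Spring Security
     * @throws Exception if the filter chain cannot be built
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .cors().and()
            // CSRF protection is off. That is only sound while no credential is sent
            // automatically by the browser (cookie, HTTP basic).
            // NOTE(review): confirm AuthorizationFilter reads the token from a request header.
            .csrf().disable().authorizeRequests()
            .antMatchers(HttpMethod.POST, SecurityConstants.SIGN_UP_URL)
            .permitAll()
            .antMatchers(HttpMethod.GET, SecurityConstants.VERIFICATION_EMAIL_URL)
            .permitAll()
            .antMatchers(HttpMethod.POST, SecurityConstants.PASSWORD_RESET_REQUEST_URL)
            .permitAll()
            .antMatchers(HttpMethod.POST, SecurityConstants.PASSWORD_RESET_URL)
            .permitAll()
            // NOTE(review): the H2 console is reachable without authentication and gives direct
            // database access; restrict this matcher to a development profile.
            .antMatchers(SecurityConstants.H2_CONSOLE)
            .permitAll()
            // NOTE(review): the API documentation is public; confirm that is intended outside development.
            .antMatchers("/v2/api-docs", "/configuration/**", "/swagger*/**", "/webjars/**")
            .permitAll()
            .anyRequest().authenticated().and()
            .addFilter(getAuthenticationFilter())
            .addFilter(new AuthorizationFilter(authenticationManager()))
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // The H2 console renders inside frames served by this same application, so SAMEORIGIN is
        // enough for it. Removing X-Frame-Options altogether would let any site frame every
        // response of the application (clickjacking).
        http.headers().frameOptions().sameOrigin();
    }

    /**
     * Wires the account lookup and the password encoder into the authentication manager.
     *
     * @param auth the builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(bCryptPasswordEncoder);
    }

    /**
     * Creates the login filter and binds it to {@code /user/login}.
     *
     * @return the configured filter
     * @throws Exception if the authentication manager cannot be obtained
     */
    protected AuthenticationFilter getAuthenticationFilter() throws Exception {
        final AuthenticationFilter filter = new AuthenticationFilter(authenticationManager());
        filter.setFilterProcessesUrl("/user/login");
        return filter;
    }

    /**
     * Registers one CORS policy for every path.
     *
     * @return the source consulted by {@code http.cors()}
     */
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        final CorsConfiguration configuration = new CorsConfiguration();
        // NOTE(review): a wildcard origin combined with allowCredentials(true) is unsafe. Older
        // Spring versions answer by echoing the caller's Origin, so any site can make credentialed
        // requests; Spring Framework 5.3 and later reject the combination at request time.
        // Replace "*" with the front-end origins actually deployed, or drop allowCredentials
        // if the token only travels in a request header.
        configuration.setAllowedOrigins(Arrays.asList("*"));
        configuration.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE","OPTIONS"));
        configuration.setAllowCredentials(true);
        configuration.setAllowedHeaders(Arrays.asList("*"));

        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}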
用户服务:
/**
 * Account operations of the application. Extending {@link UserDetailsService} lets the same bean
 * serve as the lookup that Spring Security calls during login.
 */
public interface UserService extends UserDetailsService {

    /**
     * Registers a new account.
     *
     * @param user the account data submitted at sign-up
     * @return the stored account
     */
    User createUser(User user);

    /**
     * Looks an account up by e-mail address.
     *
     * @param email the address to search for
     * @return the matching account
     */
    User getUser(String email);

    /**
     * Looks an account up by its customer id.
     *
     * @param customerId the customer id to search for
     * @return the matching account
     */
    User getUserByUserId(String customerId);
}
用户服务实现(UserServiceImpl):
@Service
public class UserServiceImpl implements UserService {
@Autowired
private UserRepository userRepository;
@Autowired
Utils utils;
@Autowired
BCryptPasswordEncoder bCryptPasswordEncoder;
/*@Autowired
PasswordResetTokenRepository passwordResetTokenRepository;*/
/**
 * Registers a new account: rejects a duplicate e-mail, assigns a generated customer id, stores
 * the BCrypt hash of the submitted password and saves the entity.
 *
 * @param user the account data submitted at sign-up
 * @return the entity returned by the repository
 * @throws UserServiceException if an account with the same e-mail already exists
 */
@Override
public User createUser(User user) {
    // NOTE(review): this lookup followed by save() is not atomic, so two concurrent sign-ups
    // can both pass it; a unique constraint on the e-mail column is the real guard (confirm the schema).
    final boolean emailTaken = userRepository.findByEmail(user.getEmail()) != null;
    if (emailTaken) {
        throw new UserServiceException("Record already exists");
    }

    // NOTE(review): if customerId is meant to be hard to guess, confirm generateUserId
    // draws from SecureRandom.
    user.setCustomerId(utils.generateUserId(30));

    // NOTE(review): the clear-text password stays on the entity after hashing; confirm the
    // password field is not a persisted column and is never serialized back to clients.
    final String passwordHash = bCryptPasswordEncoder.encode(user.getPassword());
    user.setEncryptedPassword(passwordHash);

    return userRepository.save(user);
}
/**
 * Loads the account Spring Security checks a login against, using the e-mail as the username.
 *
 * <p>The returned principal holds only the e-mail, the password hash and an empty authority
 * list. The database id is not copied into it, so code that receives an {@code Authentication}
 * built from this object can read the username but not the id.
 *
 * @param email the e-mail address submitted as the username
 * @return a Spring Security user with no granted authorities
 * @throws UsernameNotFoundException if no account has that e-mail
 */
@Override
public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
    final User account = userRepository.findByEmail(email);
    if (account != null) {
        // NOTE(review): a UserDetails implementation that also carries the id would expose it
        // through Authentication.getPrincipal(), provided the project's filters keep that
        // object as the principal (confirm in AuthenticationFilter and AuthorizationFilter).
        return new org.springframework.security.core.userdetails.User(
                account.getEmail(), account.getEncryptedPassword(), new ArrayList<>());
    }
    throw new UsernameNotFoundException(email);
}
/**
 * Returns the account registered under the given e-mail address.
 *
 * @param email the address to search for
 * @return the matching account, never {@code null}
 * @throws UsernameNotFoundException if the repository has no account with that e-mail
 */
@Override
public User getUser(String email) {
    final User found = userRepository.findByEmail(email);
    if (found != null) {
        return found;
    }
    throw new UsernameNotFoundException(email);
}
/**
 * Returns the account that owns the given customer id.
 *
 * @param customerId the customer id to search for
 * @return the matching account, never {@code null}
 * @throws UsernameNotFoundException if the repository has no account with that customer id
 */
@Override
public User getUserByUserId(String customerId) {
    final User found = userRepository.findByCustomerId(customerId);
    if (found != null) {
        return found;
    }
    // NOTE(review): the message echoes the requested id; confirm it is not returned verbatim
    // to unauthenticated callers.
    throw new UsernameNotFoundException("User with ID: " + customerId + " not found");
}
CustomSecurityUser:
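/**
 * A {@link UserDetails} view of a {@link User} that keeps the database id, so code holding the
 * authenticated principal can read the id and not only the username.
 *
 * <p>{@code UserDetails} requires {@link #getUsername()} and {@link #getAuthorities()} to be
 * non-null; returning {@code null} from either makes Spring Security fail when it builds or
 * inspects the authentication.
 */
public class CustomSecurityUser extends User implements UserDetails {

    private static final long serialVersionUID = -4381938875186527688L;

    // Login name exposed through getUsername(); stays null only for the no-arg constructor.
    private String username;

    /** Creates an empty instance; id, password and username are left unset. */
    public CustomSecurityUser() {}

    /**
     * Copies the id, the password and the e-mail (used as the username) from an account.
     *
     * @param user the account to expose to Spring Security
     */
    public CustomSecurityUser(User user) {
        this.setId(user.getId());
        // NOTE(review): the service's loadUserByUsername passes getEncryptedPassword() as the
        // credential. If instances of this class are returned from there, getPassword() must
        // yield the hash as well; confirm which value User.getPassword() holds.
        this.setPassword(user.getPassword());
        // The application logs users in by e-mail, so the e-mail is the username.
        this.username = user.getEmail();
    }

    /**
     * @return an empty collection; this application grants no authorities
     */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return java.util.Collections.emptyList();
    }

    /**
     * @return the e-mail copied from the wrapped account
     */
    @Override
    public String getUsername() {
        return username;
    }

    /** @return always {@code true}; account expiry is not modelled */
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    /** @return always {@code true}; account locking is not modelled */
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    /** @return always {@code true}; credential expiry is not modelled */
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    /**
     * @return always {@code true}
     */
    // NOTE(review): the commented-out code in loadUserByUsername refers to an e-mail verification
    // status; if unverified accounts must not log in, that status belongs here.
    @Override
    public boolean isEnabled() {
        return true;
    }
}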