I need to get the userId when the authentication is loading the login, so that I can store it and use it later to gather more information about the user by its ID.
Here is my
You can have your own AuthenticationProvider to handle your login:
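import java.util.Arrays;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;
// User, UserData and UserloginDAO are the application's own classes.

@Component
public class AuthenticationProviderBean implements AuthenticationProvider {

    @Autowired
    private UserloginDAO userloginDAO;

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String username = authentication.getName();
        // The submitted password is carried as the token's credentials.
        Object credentials = authentication.getCredentials();
        String password = credentials == null ? null : credentials.toString();
        User user = userloginDAO.getUsername(username);
        // Same error for an unknown user and a wrong password.
        if (user == null || !userloginDAO.auth(user.getPassword(), password)) {
            throw new BadCredentialsException("Login Unauthenticated");
        }
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username,
                password, Arrays.asList(new MyGrantedAuthority(user)));
        // Keep the loaded user on the token so it can be read back later.
        token.setDetails(user);
        return token;
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return authentication.equals(UsernamePasswordAuthenticationToken.class);
    }

    // static: a non-static inner class would hold a reference to the provider bean
    // and pull it into session serialization.
    public static class MyGrantedAuthority implements GrantedAuthority {
        private static final long serialVersionUID = 5202669007419658413L;
        private UserData user;

        public MyGrantedAuthority() {
            super();
        }

        public MyGrantedAuthority(UserData user) {
            this.user = user;
        }

        @Override
        public String getAuthority() {
            return user.getRole();
        }
    }
}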
Then you can get current user like this:
User user = (User) SecurityContextHolder.getContext().getAuthentication().getDetails();
SecurityContextHolder.getContext().setAuthentication(result); will put the authentication object in SecurityContext, which is itself maintained in the session if the application is a web application.
Instead of storing the username in the session you can retrieve the Authentication object using the following code.
SecurityContext securityContext = SecurityContextHolder.getContext();
Object principal;
String username;
if (null != securityContext.getAuthentication()) {
    principal = securityContext.getAuthentication().getPrincipal();
    username = securityContext.getAuthentication().getName();
}
The value of username will be the username used in authentication. The value of principal will be the principal object. Many of the authentication providers will create a UserDetails object as the principal.
Update:
If you want to store additional information you can extend org.springframework.security.core.userdetails.User and have the additional information as properties of that class.
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import java.util.Collection;

public class CustomUser extends User {

    private int id;

    public int getId() {
        return id;
    }

    public void setId(int id) {
        this.id = id;
    }

    public CustomUser(String username, String password, boolean enabled, boolean accountNonExpired,
            boolean credentialsNonExpired, boolean accountNonLocked,
            Collection<? extends GrantedAuthority> authorities, int id) {
        super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
        setId(id);
    }
}
And in loadUserByUsername, return CustomUser instead of User.
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    empsuite.model.UserData domainUser = userloginDAO.getUsername(username);
    // loadUserByUsername must not return null or dereference a missing user.
    if (domainUser == null) {
        throw new UsernameNotFoundException("User not found");
    }
    boolean enabled = true;
    boolean accountNonExpired = true;
    boolean credentialsNonExpired = true;
    boolean accountNonLocked = true;
    return new CustomUser(
            domainUser.getUsername(),
            domainUser.getPassword(),
            enabled,
            accountNonExpired,
            credentialsNonExpired,
            accountNonLocked,
            getAuthorities(1),
            domainUser.getId());
}
Now securityContext.getAuthentication().getPrincipal() will return the CustomUser object. So you can get the ID by ((CustomUser)securityContext.getAuthentication().getPrincipal()).getId()
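SecurityContext securityContext = SecurityContextHolder.getContext();
Authentication authentication = securityContext.getAuthentication();
// Anonymous requests carry a String principal, so check the type before casting.
if (authentication != null && authentication.getPrincipal() instanceof CustomUser) {
    CustomUser user = (CustomUser) authentication.getPrincipal();
    int id = user.getId();
}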
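Added example, not part of either answer above: a helper that reads the id from the security context and returns nothing when there is no login, the request is anonymous, or the principal is not a CustomUser. The names CurrentUserDemo and currentUserId, the compact CustomUser stand-in, and the user "alice" with id 42 are constructed for illustration; it assumes spring-security-core on the classpath.

```java
import java.util.Collection;
import java.util.Optional;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;

public class CurrentUserDemo {
    // Compact stand-in for the answer's CustomUser so this file compiles on its own.
    static class CustomUser extends User {
        private final int id;
        CustomUser(String username, String password,
                   Collection<? extends GrantedAuthority> authorities, int id) {
            super(username, password, authorities);
            this.id = id;
        }
        int getId() { return id; }
    }

    // Hypothetical helper: empty unless an authenticated CustomUser principal is present.
    static Optional<Integer> currentUserId() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken
                || !(auth.getPrincipal() instanceof CustomUser)) {
            return Optional.empty();
        }
        return Optional.of(((CustomUser) auth.getPrincipal()).getId());
    }

    public static void main(String[] args) {
        // Case 1: no login yet, the context holds no Authentication.
        System.out.println("no login:  " + currentUserId());
        // Case 2: anonymous request, the principal is the String "anonymousUser".
        SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken(
                "key", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
        System.out.println("anonymous: " + currentUserId());
        // Case 3: constructed login with a CustomUser principal and no retained password.
        CustomUser user = new CustomUser("alice", "{noop}constructed",
                AuthorityUtils.createAuthorityList("ROLE_USER"), 42);
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities()));
        System.out.println("logged in: " + currentUserId());
    }
}
```

Reading the id this way, from the server-side Authentication and never from a request parameter, keeps later lookups tied to the user who actually logged in.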