Spring Security 取Session中的值和修改userDetails(转)
来源:互联网 发布:linux视频播放器安装 编辑:程序博客网 时间:2024/06/01 08:46
1.在session中取得spring security的登录用户名如下
${session.SPRING_SECURITY_CONTEXT.authentication.principal.username}
spring security 把SPRING_SECURITY_CONTEXT 放入了session 没有直接把username 放进去。
下面一段代码主要描述的是session中的存的变量
view plaincopy to clipboardprint?
存跳转时候的URL
session
{SPRING_SECURITY_SAVED_REQUEST_KEY=SavedRequest[http://localhost:8080/AVerPortal/resourceAction/resourceIndex.action]}
存的是登录成功时候session中存的信息
session
{SPRING_SECURITY_CONTEXT=org.springframework.security.context.SecurityContextImpl@87b16984:
Authentication:
org.springframework.security.providers.cas.CasAuthenticationToken@87b16984:
Principal: com.avi.casExtends.UserInfo@ff631d80: Username: test; Password:
[PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired:
true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Password:
[PROTECTED]; Authenticated: true; Details:
org.springframework.security.ui.WebAuthenticationDetails@12afc: RemoteIpAddress:
127.0.0.1; SessionId: AE56E8925195DFF4C50ABD384574CCEA; Granted Authorities:
ROLE_ADMIN Assertion: org.jasig.cas.client.validation.AssertionImpl@661a11
Credentials (Service/Proxy Ticket): ST-3-1lX3acgZ6HNgmhvjXuxB-cas, userId=2,
userName=test}
存跳转时候的URL
session
{SPRING_SECURITY_SAVED_REQUEST_KEY=SavedRequest[http://localhost:8080/AVerPortal/resourceAction/resourceIndex.action]}
存的是登录成功时候session中存的信息
session
{SPRING_SECURITY_CONTEXT=org.springframework.security.context.SecurityContextImpl@87b16984:
Authentication:
org.springframework.security.providers.cas.CasAuthenticationToken@87b16984:
Principal: com.avi.casExtends.UserInfo@ff631d80: Username: test; Password:
[PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired:
true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Password:
[PROTECTED]; Authenticated: true; Details:
org.springframework.security.ui.WebAuthenticationDetails@12afc: RemoteIpAddress:
127.0.0.1; SessionId: AE56E8925195DFF4C50ABD384574CCEA; Granted Authorities:
ROLE_ADMIN Assertion: org.jasig.cas.client.validation.AssertionImpl@661a11
Credentials (Service/Proxy Ticket): ST-3-1lX3acgZ6HNgmhvjXuxB-cas, userId=2,
userName=test}
2.在页面端用tag获取
Java代码
<%@ taglib prefix='security'
uri='http://www.springframework.org/security/tags'%>
<security:authentication
property="principal.username"></security:authentication>
<%@ taglib prefix='security' uri='http://www.springframework.org/security/tags'%>
<security:authentication property="principal.username"></security:authentication>
或者
Java代码
<security:authorize ifAllGranted="ROLE_ADMIN">
<security:authentication
property="principal.username"></security:authentication>
</security:authorize>
<security:authorize ifAllGranted="ROLE_ADMIN">
<security:authentication property="principal.username"></security:authentication>
</security:authorize>
或者取session中的值
#session.SPRING_SECURITY_CONTEXT.authentication.principal.username等同于
3.在后台获取
Java代码
UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext()
.getAuthentication()
.getPrincipal();
userDetails.getUsername()
UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext()
.getAuthentication()
.getPrincipal();
userDetails.getUsername()
想要获取更多的信息得扩展userDetails的默认实现类user类和UserDetailsService接口
由于springsecurity是把整个user信息放入session中的即:session.SPRING_SECURITY_CONTEXT.authentication.principal
这个就是代表着user对象
因此我做了扩展增加user里的信息 加上userId
代码如下:扩展user
Java代码
expand sourceview plaincopy to clipboardprint?
package com.avi.casExtends;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.userdetails.User;
public class UserInfo extends User{
private static final long serialVersionUID = 1L;
private String userId;
@SuppressWarnings("deprecation")
public UserInfo(String username, String password, boolean enabled,
GrantedAuthority[] authorities)
throws IllegalArgumentException {
super(username,password, enabled, authorities);
}
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public static long getSerialVersionUID() {
return serialVersionUID;
}
}
package com.avi.casExtends;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.userdetails.User;
public class UserInfo extends User{
private static final long serialVersionUID = 1L;
private String userId;
@SuppressWarnings("deprecation")
public UserInfo(String username, String password, boolean enabled,
GrantedAuthority[] authorities)
throws IllegalArgumentException {
super(username,password, enabled, authorities);
}
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public static long getSerialVersionUID() {
return serialVersionUID;
}
}
实现userDetailsservice接口
+ expand sourceview plaincopy to clipboardprint?
package com.avi.casExtends;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.springframework.dao.DataAccessException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException;
import com.avi.dao.AccountDao;
import com.avi.data.User;
public class UserInfoService implements UserDetailsService{
private AccountDao accountDao;
private Map<String, UserInfo> userMap = null;
public UserInfoService() {
}
public void fillMap(){
userMap = new HashMap<String, UserInfo>();
List<User> users = accountDao.findAllUsers();
UserInfo userInfo = null;
for(User user:users){
userInfo = new
UserInfo(user.getUserName(),user.getPassword(),true,new GrantedAuthority[]{
new GrantedAuthorityImpl(user.getRole()),
});
userInfo.setUserId(user.getId().toString());
userMap.put(user.getUserName(), userInfo);
}
}
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
if(userMap==null)
fillMap();
return userMap.get(username);
}
public AccountDao getAccountDao() {
return accountDao;
}
public void setAccountDao(AccountDao accountDao) {
this.accountDao = accountDao;
}
public Map<String, UserInfo> getUserMap() {
return userMap;
}
public void setUserMap(Map<String, UserInfo> userMap) {
this.userMap = userMap;
}
}
package com.avi.casExtends;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.springframework.dao.DataAccessException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException;
import com.avi.dao.AccountDao;
import com.avi.data.User;
public class UserInfoService implements UserDetailsService{
private AccountDao accountDao;
private Map<String, UserInfo> userMap = null;
public UserInfoService() {
}
public void fillMap(){
userMap = new HashMap<String, UserInfo>();
List<User> users = accountDao.findAllUsers();
UserInfo userInfo = null;
for(User user:users){
userInfo = new
UserInfo(user.getUserName(),user.getPassword(),true,new GrantedAuthority[]{
new GrantedAuthorityImpl(user.getRole()),
});
userInfo.setUserId(user.getId().toString());
userMap.put(user.getUserName(), userInfo);
}
}
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
if(userMap==null)
fillMap();
return userMap.get(username);
}
public AccountDao getAccountDao() {
return accountDao;
}
public void setAccountDao(AccountDao accountDao) {
this.accountDao = accountDao;
}
public Map<String, UserInfo> getUserMap() {
return userMap;
}
public void setUserMap(Map<String, UserInfo> userMap) {
this.userMap = userMap;
}
}
private AccountDao accountDao;是注入进来的查数据库的类
然后修改XML文件指定所要用到的service
+ expand sourceview plaincopy to clipboardprint?
<authentication-provider user-service-ref="userDetailsService"/>
<bean id="userDetailsService" class="com.avi.casExtends.UserInfoService"
singleton="false">
<property name="accountDao" ref="accountDao"/>
</bean>
<authentication-provider user-service-ref="userDetailsService"/>
<bean id="userDetailsService" class="com.avi.casExtends.UserInfoService"
singleton="false">
<property name="accountDao" ref="accountDao"/>
</bean>
${session.SPRING_SECURITY_CONTEXT.authentication.principal.username}
expand sourceview plaincopy to clipboardprint?
package com.avi.casExtends;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.userdetails.User;
public class UserInfo extends User{
private static final long serialVersionUID = 1L;
private String userId;
@SuppressWarnings("deprecation")
public UserInfo(String username, String password, boolean enabled, GrantedAuthority[] authorities)
throws IllegalArgumentException {
super(username,password, enabled, authorities);
}
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public static long getSerialVersionUID() {
return serialVersionUID;
}
}
package com.avi.casExtends;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.userdetails.User;
public class UserInfo extends User{
private static final long serialVersionUID = 1L;
private String userId;
@SuppressWarnings("deprecation")
public UserInfo(String username, String password, boolean enabled, GrantedAuthority[] authorities)
throws IllegalArgumentException {
super(username,password, enabled, authorities);
}
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public static long getSerialVersionUID() {
return serialVersionUID;
}
}
实现userDetailsservice接口
+ expand sourceview plaincopy to clipboardprint?
package com.avi.casExtends;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.springframework.dao.DataAccessException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException;
import com.avi.dao.AccountDao;
import com.avi.data.User;
public class UserInfoService implements UserDetailsService{
private AccountDao accountDao;
private Map<String, UserInfo> userMap = null;
public UserInfoService() {
}
public void fillMap(){
userMap = new HashMap<String, UserInfo>();
List<User> users = accountDao.findAllUsers();
UserInfo userInfo = null;
for(User user:users){
userInfo = new UserInfo(user.getUserName(),user.getPassword(),true,new GrantedAuthority[]{
new GrantedAuthorityImpl(user.getRole()),
});
userInfo.setUserId(user.getId().toString());
userMap.put(user.getUserName(), userInfo);
}
}
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
if(userMap==null)
fillMap();
return userMap.get(username);
}
public AccountDao getAccountDao() {
return accountDao;
}
public void setAccountDao(AccountDao accountDao) {
this.accountDao = accountDao;
}
public Map<String, UserInfo> getUserMap() {
return userMap;
}
public void setUserMap(Map<String, UserInfo> userMap) {
this.userMap = userMap;
}
}
package com.avi.casExtends;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.springframework.dao.DataAccessException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException;
import com.avi.dao.AccountDao;
import com.avi.data.User;
public class UserInfoService implements UserDetailsService{
private AccountDao accountDao;
private Map<String, UserInfo> userMap = null;
public UserInfoService() {
}
public void fillMap(){
userMap = new HashMap<String, UserInfo>();
List<User> users = accountDao.findAllUsers();
UserInfo userInfo = null;
for(User user:users){
userInfo = new UserInfo(user.getUserName(),user.getPassword(),true,new GrantedAuthority[]{
new GrantedAuthorityImpl(user.getRole()),
});
userInfo.setUserId(user.getId().toString());
userMap.put(user.getUserName(), userInfo);
}
}
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
if(userMap==null)
fillMap();
return userMap.get(username);
}
public AccountDao getAccountDao() {
return accountDao;
}
public void setAccountDao(AccountDao accountDao) {
this.accountDao = accountDao;
}
public Map<String, UserInfo> getUserMap() {
return userMap;
}
public void setUserMap(Map<String, UserInfo> userMap) {
this.userMap = userMap;
}
}
private AccountDao accountDao;是注入进来的查数据库的类
然后修改XML文件指定所要用到的service
+ expand sourceview plaincopy to clipboardprint?
<authentication-provider user-service-ref="userDetailsService"/>
<bean id="userDetailsService" class="com.avi.casExtends.UserInfoService" singleton="false">
<property name="accountDao" ref="accountDao"/>
</bean>
<authentication-provider user-service-ref="userDetailsService"/>
<bean id="userDetailsService" class="com.avi.casExtends.UserInfoService" singleton="false">
<property name="accountDao" ref="accountDao"/>
</bean>
${session.SPRING_SECURITY_CONTEXT.authentication.principal.username}
- Spring Security 取Session中的值和修改userDetails(转)
- Spring Security 取Session中的值和修改userDetails(转)
- Spring Security 取Session中的值和修改userDetails
- Spring Security 取Session中的值和修改userDetails
- 7. Spring Security缓存UserDetails
- 自定义 Spring Security 4 的UserDetailsService和UserDetails
- Spring Security(07)——缓存UserDetails
- Spring Security(07)——缓存UserDetails
- Spring Security(07)——缓存UserDetails
- Spring Security(07)——缓存UserDetails
- Spring Security(07)——缓存UserDetails
- Spring Security(07)——缓存UserDetails
- Spring security 和 Spring session 一起使用
- struts标签和EL表达式取session中的值
- spring-security+spring-session配置
- spring security session expired issue
- 13. Spring Security session管理
- Spring Security 中的盐值加密
- WeixinJSBridge
- 关于BroadcastReceiver从SDK中学到的
- 2014多校训练第十场(最大权闭合问题)
- java 简单工厂模式、多态工厂、抽像工厂 讲解, 代码示例
- 自己实现CreateRemoteThread
- Spring Security 取Session中的值和修改userDetails(转)
- Linux双网卡双IP双网关
- Android:Pull解析XML
- Android获取图片资源的4种方式
- XILINX zybo初体验
- hdu1272——小希的迷宫
- opengl 透明
- linux中段错误的处理
- 访问flickr
