Spring Boot安全主体用户已更改为新登录的用户详细信息
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Spring Boot安全主体用户已更改为新登录的用户详细信息相关的知识,希望对你有一定的参考价值。
Am使用带有弹簧保护装置的弹簧靴2.2.4。面临的问题是,每次使用新用户登录时,主体用户名都将重置为新登录用户的详细信息,为什么。但是,正如我观察到的,会话ID仍然正确。我不了解这种行为。有什么主意吗?
@EnableWebSecurity
public class IctSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
PasswordEncoder passwordEncoder;
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
//URLs matching for access rights
.antMatchers("/").permitAll()
.antMatchers("/signup").permitAll()
.antMatchers("/signin").permitAll()
.antMatchers("/ict/**/**").permitAll()
.antMatchers("/user/queue/reply").hasAnyAuthority(RolesConst.APP_USER)
.antMatchers("/find").hasAnyAuthority(RolesConst.APP_USER)
//.anyRequest().authenticated()
.and()
//form login
.csrf().disable().formLogin()
.loginPage("/login")
.failureUrl("/login?error=true")
.defaultSuccessUrl("/dashboard")
.and()
//logout
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login").and()
.exceptionHandling()
.accessDeniedPage("/access-denied");
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
//return NoOpPasswordEncoder.getInstance();
}
}
UserDetails服务
@Service
public class IctUserDetailsService implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
//return new IctUserDetails(username);
Optional<UserEntity> user = userRepository.findByUsername(username);
user.orElseThrow(() -> new UsernameNotFoundException("Not found: " + username));
//UserController.groupname(username);
return user.map(IctUserDetails::new).get();
}
}
UserDetails类
public class IctUserDetails implements UserDetails {
private static final long serialVersionUID = 1L;
public static String username;
private String password;
private List<? extends GrantedAuthority> authorities;
public IctUserDetails() {
}
public IctUserDetails(UserEntity userEntity) {
this.username = userEntity.getUsername();
this.password = userEntity.getPassword();
List<SimpleGrantedAuthority> authoriteis = getRoleAuthoritiesFromUserEntity(userEntity);
this.authorities = authoriteis;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return authorities;
}
@Override
public String getPassword() {
return password;
}
@Override
public String getUsername() {
return this.username;
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
/**
* Get list of role authorities from current user entity
* @param userRoleEntities
* @return
*/
@Transactional
private List<SimpleGrantedAuthority> getRoleAuthoritiesFromUserEntity(UserEntity userEntity) {
Collection<UserRoleEntity> userRoleEntities = userEntity.getUserRoleEntities();
List<SimpleGrantedAuthority> authoriteis = userRoleEntities
.stream()
.map(ur -> ur.getRole().getRoleName())
.map(SimpleGrantedAuthority::new)
.collect(Collectors.toList());
return authoriteis;
}
}
答案
所以,这就是问题所在。我在UserDetails类中将用户名声明为静态public static String username;。
我将其更改为private String username;,现在一切都很好。谢谢。
以上是关于Spring Boot安全主体用户已更改为新登录的用户详细信息的主要内容,如果未能解决你的问题,请参考以下文章
使用Spring Boot Starter安全性中的Custom登录页面成功登录,没有进入下一页
使用 angularJS 的 Spring Boot 安全性/登录身份验证