您可以在自己的某個實體中擴展spring的User
類或實現UserDetails
接口,並在成功驗證後將該實體的實例放入SecurityContextHolder
。假設,你有User
實體(不帶彈簧的org.springframework.security.core.userdetails.User
混淆),那麼你就可以實現UserDetails
界面類似以下內容:
@Entity
@Table(name = "users")
public class User implements UserDetails {
private String username;
private String password;
private String firstName;
private String lastName;
private Set<String> roles = new HashSet<>();
public User() {}
public User(String username, String password, Collection<GrantedAuthority> authorities) {
this.username = username;
this.password = password;
this.roles = authorities.stream().map(GrantedAuthority::getAuthority).collect(Collectors.toSet());
}
@Id
@Override
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
@Override
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String getFirstName() {
return firstName;
}
public void setFirstName(String firstName) {
this.firstName = firstName;
}
public String getLastName() {
return lastName;
}
public void setLastName(String lastName) {
this.lastName = lastName;
}
@ElementCollection
@CollectionTable(name = "roles")
public Set<String> getRoles() {
return roles;
}
public void setRoles(Set<String> roles) {
this.roles = roles;
}
@Override
@Transient
public Collection<GrantedAuthority> getAuthorities() {
return roles.stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList());
}
@Override
@Transient
public boolean isAccountNonExpired() {
return true;
}
@Override
@Transient
public boolean isAccountNonLocked() {
return true;
}
@Override
@Transient
public boolean isCredentialsNonExpired() {
return true;
}
@Override
@Transient
public boolean isEnabled() {
return true;
}
}
然後,你可以定義一個UserDetailsService
搜索基礎上,username
用戶並返回如果可能的話,User
實體的實例。類似以下內容:
@Override
@Autowired
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(username -> {
User user = userRepository.findByUsername(username);
if (user == null) throw new UsernameNotFoundException("Invalid user");
return user;
});
}
最後,當你使用SecurityContextHoler
,你可以投校長到你的User
的實體,而在firstName
和lastName
屬性:
User user = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
model.addAttribute("fullname", user.getFirstName() + " " + user.getLastName());
基於用戶名,取從數據庫擴展用戶信息,並將它們添加到您的模型 –
可能'user.getUsername()'返回一個用戶名,你怎麼看? – MaVVamaldo
我想獲得firstname + lastname以保存在'User'預定義的類中,以便我可以訪問它。 –