java.lang.ClassCastException：org.springframework.security.core.userdetails.User不能轉換爲UserPrincipal

Question

我讓這個類UserPrincipal獲得我自定義的Hibernate User類的用戶ID。

public class UserPrincipal extends org.springframework.security.core.userdetails.User { 

    public User getUser() { 
     return user; 
    } 

    public UserPrincipal(String username, String password, boolean enabled, boolean accountNonExpired, 
      boolean credentialsNonExpired, boolean accountNonLocked, 
      Collection<? extends GrantedAuthority> authorities, User user) { 
     super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities); 
     this.user = user; 
    } 

    private final User user; 

} 

然而，當我使用它是這樣的：

Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); 
    User user = ((UserPrincipal) principal).getUser(); 

我收到以下錯誤：

java.lang.ClassCastException: org.springframework.security.core.userdetails.User cannot be cast to UserPrincipal

我覺得有一個在我實現了構造的方式錯誤，但我不確定。

或者它是否與我登錄用戶的方式不匹配？我正在使用Spring Security。

Answer 1

不是從spring-security擴展用戶類，而是更好地實現Spring安全性給出的UserDetails接口。請閱讀下面的代碼。爲您的項目提供自定義的userDetailsS​​ervice實現。我希望這將幫助你 - http://docs.spring.io/spring-security/site/docs/3.0.x/reference/technical-overview.html#d0e1613

public class LoggedUser implements UserDetails{ 
    private User user; 
    // setter and getter of user 

    public LoggedUser (User user){ 
    this.user=user; 

    } 



public Collection<? extends GrantedAuthority> getAuthorities() { 
List<SimpleGrantedAuthority> authorities=new ArrayList<SimpleGrantedAuthority>(); 
for (String role : user.getRoles()) { 
    authorities.add(new SimpleGrantedAuthority(role)); 
} 
return authorities; 
    } 

    public String getPassword() { 
return user.getPassword(); 
    } 

    public String getUsername() { 
// TODO Auto-generated method stub 
return user.getUsername(); 
    } 

    public boolean isAccountNonExpired() { 
// TODO Auto-generated method stub 
return true; 
    } 

    public boolean isAccountNonLocked() { 
// TODO Auto-generated method stub 
return true; 
    } 

    public boolean isCredentialsNonExpired() { 
    // TODO Auto-generated method stub 
return true; 
    } 

    public boolean isEnabled() { 
// TODO Auto-generated method stub 
    return true; 
} 

現在用戶下面的代碼來獲取用戶對象：

LoggedUser principal = (LoggedUser)SecurityContextHolder.getContext().getAuthentication().getPrincipal(); 
User user = pricipal.getUser(); 

Answer 2

This is classic case of downcasting. To achieve this, do the following: 
Let consider A is the super class and B is sub class: 

1. Define this method in the subclass(B): 

    public static B method(A a) { 
     B b = null; 
     if (a instanceof A) { 
      b = (B) a;// downcasting 

     } 
     return b; 
    } 

2. Now in your working class(e.g., Service, Controller etc), do the following 


    A b = new B(); // Initialize super class object with subclass 
    BeanUtils.copyProperties(a,b);//where a being the instance of A(user in your case), with values 
    B c = B.method(b);