(转)SpringSecurity扩展User类,获取Session
1.在session中取得spring security的登录用户名如下
${session.SPRING_SECURITY_CONTEXT.authentication.principal.username}
spring security 把SPRING_SECURITY_CONTEXT 放入了session 没有直接把username 放进去。
下面一段代码主要描述的是session中的存的变量
view plaincopy to clipboardprint?
存跳转时候的URL
session {SPRING_SECURITY_SAVED_REQUEST_KEY=SavedRequest[http://localhost:8080/AVerPortal/resourceAction/resourceIndex.action]}
存的是登录成功时候session中存的信息
session {SPRING_SECURITY_CONTEXT=org.springframework.security.context.SecurityContextImpl@87b16984: Authentication: org.springframework.security.providers.cas.CasAuthenticationToken@87b16984: Principal: com.avi.casExtends.UserInfo@ff631d80: Username: test; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: AE56E8925195DFF4C50ABD384574CCEA; Granted Authorities: ROLE_ADMIN Assertion: org.jasig.cas.client.validation.AssertionImpl@661a11 Credentials (Service/Proxy Ticket): ST-3-1lX3acgZ6HNgmhvjXuxB-cas, userId=2, userName=test}
存跳转时候的URL
session {SPRING_SECURITY_SAVED_REQUEST_KEY=SavedRequest[http://localhost:8080/AVerPortal/resourceAction/resourceIndex.action]}
存的是登录成功时候session中存的信息
session {SPRING_SECURITY_CONTEXT=org.springframework.security.context.SecurityContextImpl@87b16984: Authentication: org.springframework.security.providers.cas.CasAuthenticationToken@87b16984: Principal: com.avi.casExtends.UserInfo@ff631d80: Username: test; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: AE56E8925195DFF4C50ABD384574CCEA; Granted Authorities: ROLE_ADMIN Assertion: org.jasig.cas.client.validation.AssertionImpl@661a11 Credentials (Service/Proxy Ticket): ST-3-1lX3acgZ6HNgmhvjXuxB-cas, userId=2, userName=test}
2.在页面端用tag获取
<%@ taglib prefix='security' uri='http://www.springframework.org/security/tags'%>
<security:authentication property="principal.username"></security:authentication>
或者
<security:authorize ifAllGranted="ROLE_ADMIN">
<security:authentication property="principal.username"></security:authentication>
</security:authorize>
或者取session中的值
session.SPRING_SECURITY_CONTEXT.authentication.principal.username等同于
3.在后台获取
UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext()
.getAuthentication()
.getPrincipal();
userDetails.getUsername()
想要获取更多的信息得扩展userDetails的默认实现类user类和UserDetailsService接口
由于springsecurity是把整个user信息放入session中的即:session.SPRING_SECURITY_CONTEXT.authentication.principal
这个就是代表着user对象
因此我做了扩展增加user里的信息 加上userId
代码如下:扩展user
- expand sourceview plaincopy to clipboardprint?
package com.avi.casExtends;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.userdetails.User;
public class UserInfo extends User{
private static final long serialVersionUID = 1L;
private String userId;
@SuppressWarnings("deprecation")
public UserInfo(String username, String password, boolean enabled, GrantedAuthority[] authorities)
throws IllegalArgumentException {
super(username,password, enabled, authorities);
}
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public static long getSerialVersionUID() {
return serialVersionUID;
}
}
package com.avi.casExtends;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.userdetails.User;
public class UserInfo extends User{
private static final long serialVersionUID = 1L;
private String userId;
@SuppressWarnings("deprecation")
public UserInfo(String username, String password, boolean enabled, GrantedAuthority[] authorities)
throws IllegalArgumentException {
super(username,password, enabled, authorities);
}
public String getUserId() {
return userId;
}
public void setUserId(String userId) {
this.userId = userId;
}
public static long getSerialVersionUID() {
return serialVersionUID;
}
}
实现userDetailsservice接口
- expand sourceview plaincopy to clipboardprint?
package com.avi.casExtends;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.springframework.dao.DataAccessException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException;
import com.avi.dao.AccountDao;
import com.avi.data.User;
public class UserInfoService implements UserDetailsService{
private AccountDao accountDao;
private Map<String, UserInfo> userMap = null;
public UserInfoService() {
}
public void fillMap(){
userMap = new HashMap<String, UserInfo>();
List<User> users = accountDao.findAllUsers();
UserInfo userInfo = null;
for(User user:users){
userInfo = new UserInfo(user.getUserName(),user.getPassword(),true,new GrantedAuthority[]{
new GrantedAuthorityImpl(user.getRole()),
});
userInfo.setUserId(user.getId().toString());
userMap.put(user.getUserName(), userInfo);
}
}
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
if(userMap==null)
fillMap();
return userMap.get(username);
}
public AccountDao getAccountDao() {
return accountDao;
}
public void setAccountDao(AccountDao accountDao) {
this.accountDao = accountDao;
}
public Map<String, UserInfo> getUserMap() {
return userMap;
}
public void setUserMap(Map<String, UserInfo> userMap) {
this.userMap = userMap;
}
}
package com.avi.casExtends;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.springframework.dao.DataAccessException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException;
import com.avi.dao.AccountDao;
import com.avi.data.User;
public class UserInfoService implements UserDetailsService{
private AccountDao accountDao;
private Map<String, UserInfo> userMap = null;
public UserInfoService() {
}
public void fillMap(){
userMap = new HashMap<String, UserInfo>();
List<User> users = accountDao.findAllUsers();
UserInfo userInfo = null;
for(User user:users){
userInfo = new UserInfo(user.getUserName(),user.getPassword(),true,new GrantedAuthority[]{
new GrantedAuthorityImpl(user.getRole()),
});
userInfo.setUserId(user.getId().toString());
userMap.put(user.getUserName(), userInfo);
}
}
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
if(userMap==null)
fillMap();
return userMap.get(username);
}
public AccountDao getAccountDao() {
return accountDao;
}
public void setAccountDao(AccountDao accountDao) {
this.accountDao = accountDao;
}
public Map<String, UserInfo> getUserMap() {
return userMap;
}
public void setUserMap(Map<String, UserInfo> userMap) {
this.userMap = userMap;
}
}
private AccountDao accountDao;是注入进来的查数据库的类
然后修改XML文件指定所要用到的service
- expand sourceview plaincopy to clipboardprint?
${session.SPRING_SECURITY_CONTEXT.authentication.principal.username}
===================================== 分割线 ======================================
根据以上内容,在扩展了自己的user之后,可以在自己的Thymeleaf下面做一些事情了。
admin
(转)SpringSecurity扩展User类,获取Session的更多相关文章
- 一个简单的C#获取Session、设置Session类文件
一个简单的C#获取Session.设置Session类文件,本类主要实现大家最常用的两个功能: 1.GetSession(string name)根据session名获取session对象: 2.Se ...
- asp.net 类库中获取session c#类中获取session
asp.net 类库中获取session c#类中获取session 1. 先引入命名空间 using System.Web; using System.Web.SessionState; 在使用H ...
- 教你在Java的普通类中轻松获取Session以及request中保存的值
曾经有多少人因为不知如何在业务类中获取自己在Action或页面上保存在Session中值,当然也包括我,但是本人已经学到一种办法可以解决这个问题,来分享下,希望对你有多多少少的帮助! 如何在Java的 ...
- spring 普通类获取四大作用域request、applicationContext、session、page
几乎所有web应用容器都提供了四种类似Map的结构:application session request page,Jsp或者Servlet通过向着这四个对象放入数据,从而实现Jsp和Servlet ...
- SQLServer中使用扩展事件获取Session级别的等待信息以及SQLServer 2016中Session级别等待信息的增强
本文出处:http://www.cnblogs.com/wy123/p/6835939.html 什么是等待 简单说明一下什么是等待:当应用程序对SQL Server发起一个Session请求的时候, ...
- spring的普通类中获取session和request对像
在使用spring时,经常需要在普通类中获取session,request等对像. 1.第一钟方式,针对Spring和Struts2集成的项目: 在有使用struts2时,因为struts2有一个接口 ...
- jeecg中的一个上下文工具类获取request,session
通过调用其中的方法可以获取到request和session,调用方式如下: HttpServletRequest request = ContextHolderUtils.getRequest();H ...
- SpringBoot 封装返回类以及session 添加获取
1.创建返回类Result public class Result<T>{ /*错误码*/ private Integer code; /*提示信息 */ private String m ...
- spring在普通类中获取session和request
在使用spring时,经常需要在普通类中获取session,request等对像.比如一些AOP拦截器类,在有使用struts2时,因为struts2有一个接口使用org.apache.struts2 ...
随机推荐
- python some install tips
/* wooyun的小伙伴出了神器. 但是都是打包配置的.我本机又搭建了wamp,不能混合了,那就自己动手丰衣足食咯. */ python 2.7 已经安装. pip https://pip.pypa ...
- Asp.net using Oracle.DataAccess.dll access oracle 11g 64bit & x86
使用.net访问oracle数据库时一般需要在机器上安装instantclient才能正常连接. 下面介绍一种不用安装instantclient直接引用dll就用.net能连接oracle数据库的方法 ...
- Android文件系统的结构
Android 4.2.2 版本的文件系统 内核版本为 3.0.31 版本号为JDQ39 factory//估计是存放网络通信协议的登录密钥的|-- bluetooth|-- hdcp.keys|-- ...
- 三星framebuffer驱动代码分析
一.驱动总体概述 本次的驱动代码是Samsung公司为s5pv210这款SoC编写的framebuffer驱动,对应于s5pv210中的内部外设Display Controller (FIMD)模块. ...
- linq 延迟执行带来的困扰
有这样一个案例: var filteredResult = from f in orgFileList select f; ; i < WorkStatusFilters.ListWorkSta ...
- Find the equipment indices
Here is a simple program test task, it doesn't have very diffcult logic: A zero-indexed array A cons ...
- @Configuration 和 @Bean
1. @Bean: 1.1 定义 从定义可以看出,@Bean只能用于注解方法和注解的定义. @Target({ElementType.METHOD, ElementType.ANNOTATION_TY ...
- Selenium2+python自动化16-alert\confirm\prompt
前言 不是所有的弹出框都叫alert,在使用alert方法前,先要识别出到底是不是alert.先认清楚alert长什么样子,下次碰到了,就可以用对应方法解决. alert\confirm\prompt ...
- Floyd | | jzoj[1218] | | [Usaco2009 Dec]Toll 过路费 | | BZOJ 1774 | | 我也不知道该怎么写
写在前面:老师说这一道题是神题,事实上确实如此,主要是考察对Floyd的理解 ******************************题目.txt************************* ...
- 安装spy-debugger