Spring Security 取Session中的值和修改userDetails

1.在session中取得spring security的登录用户名如下

${session.SPRING_SECURITY_CONTEXT.authentication.principal.username}

spring security 把SPRING_SECURITY_CONTEXT 放入了session 没有直接把username 放进去。

下面一段代码主要描述的是session中的存的变量

view plaincopy to clipboardprint?
存跳转时候的URL  
session {SPRING_SECURITY_SAVED_REQUEST_KEY=SavedRequest[http://localhost:8080/AVerPortal/resourceAction/resourceIndex.action]}  
 
存的是登录成功时候session中存的信息  
session {SPRING_SECURITY_CONTEXT=org.springframework.security.context.SecurityContextImpl@87b16984: Authentication: org.springframework.security.providers.cas.CasAuthenticationToken@87b16984: Principal: com.avi.casExtends.UserInfo@ff631d80: Username: test; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: AE56E8925195DFF4C50ABD384574CCEA; Granted Authorities: ROLE_ADMIN Assertion: org.jasig.cas.client.validation.AssertionImpl@661a11 Credentials (Service/Proxy Ticket): ST-3-1lX3acgZ6HNgmhvjXuxB-cas, userId=2, userName=test} 
存跳转时候的URL
session {SPRING_SECURITY_SAVED_REQUEST_KEY=SavedRequest[http://localhost:8080/AVerPortal/resourceAction/resourceIndex.action]}

存的是登录成功时候session中存的信息
session {SPRING_SECURITY_CONTEXT=org.springframework.security.context.SecurityContextImpl@87b16984: Authentication: org.springframework.security.providers.cas.CasAuthenticationToken@87b16984: Principal: com.avi.casExtends.UserInfo@ff631d80: Username: test; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: AE56E8925195DFF4C50ABD384574CCEA; Granted Authorities: ROLE_ADMIN Assertion: org.jasig.cas.client.validation.AssertionImpl@661a11 Credentials (Service/Proxy Ticket): ST-3-1lX3acgZ6HNgmhvjXuxB-cas, userId=2, userName=test}

2.在页面端用tag获取

<%@ taglib prefix='security' uri='http://www.springframework.org/security/tags'%> 

<security:authentication property="principal.username"></security:authentication> 

或者


<security:authorize ifAllGranted="ROLE_ADMIN">

 <security:authentication property="principal.username"></security:authentication> 

</security:authorize>


或者取session中的值

#session.SPRING_SECURITY_CONTEXT.authentication.principal.username等同于

3.在后台获取

UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext()
    .getAuthentication()
    .getPrincipal();


userDetails.getUsername()


想要获取更多的信息得扩展userDetails的默认实现类user类和UserDetailsService接口

由于springsecurity是把整个user信息放入session中的即:session.SPRING_SECURITY_CONTEXT.authentication.principal

这个就是代表着user对象

因此我做了扩展增加user里的信息 加上userId

代码如下:扩展user

 expand sourceview plaincopy to clipboardprint?
package com.avi.casExtends;   
  
import org.springframework.security.GrantedAuthority;   
import org.springframework.security.userdetails.User;   
  
public class UserInfo extends User{   
    private static final long serialVersionUID = 1L;   
  
    private String userId;   
  
    @SuppressWarnings("deprecation")   
    public UserInfo(String username, String password, boolean enabled, GrantedAuthority[] authorities)   
        throws IllegalArgumentException {   
        super(username,password, enabled, authorities);   
    }   
  
    public String getUserId() {   
        return userId;   
    }   
  
    public void setUserId(String userId) {   
        this.userId = userId;   
    }   
  
    public static long getSerialVersionUID() {   
        return serialVersionUID;   
    }   
  
     
}  
package com.avi.casExtends;

import org.springframework.security.GrantedAuthority;
import org.springframework.security.userdetails.User;

public class UserInfo extends User{
 private static final long serialVersionUID = 1L;

    private String userId;

    @SuppressWarnings("deprecation")
 public UserInfo(String username, String password, boolean enabled, GrantedAuthority[] authorities)
        throws IllegalArgumentException {
        super(username,password, enabled, authorities);
    }

 public String getUserId() {
  return userId;
 }

 public void setUserId(String userId) {
  this.userId = userId;
 }

 public static long getSerialVersionUID() {
  return serialVersionUID;
 }

  
}
 

实现userDetailsservice接口

+ expand sourceview plaincopy to clipboardprint?
package com.avi.casExtends;   
  
import java.util.HashMap;   
import java.util.List;   
import java.util.Map;   
  
import org.springframework.dao.DataAccessException;   
import org.springframework.security.GrantedAuthority;   
import org.springframework.security.GrantedAuthorityImpl;   
import org.springframework.security.userdetails.UserDetails;   
import org.springframework.security.userdetails.UserDetailsService;   
import org.springframework.security.userdetails.UsernameNotFoundException;   
  
import com.avi.dao.AccountDao;   
import com.avi.data.User;   
  
public class UserInfoService implements UserDetailsService{   
       
    private AccountDao accountDao;   
    private Map<String, UserInfo> userMap = null;   
  
    public UserInfoService() {   
          
           
    }   
    public void fillMap(){   
         userMap = new HashMap<String, UserInfo>();   
         List<User> users = accountDao.findAllUsers();   
         UserInfo userInfo = null;   
         for(User user:users){   
            userInfo = new UserInfo(user.getUserName(),user.getPassword(),true,new GrantedAuthority[]{   
                new GrantedAuthorityImpl(user.getRole()),   
            });   
            userInfo.setUserId(user.getId().toString());   
               
             userMap.put(user.getUserName(), userInfo);   
         }   
    }   
       
    public UserDetails loadUserByUsername(String username)   
        throws UsernameNotFoundException, DataAccessException {   
        if(userMap==null)   
            fillMap();   
        return userMap.get(username);   
    }   
  
    public AccountDao getAccountDao() {   
        return accountDao;   
    }   
  
    public void setAccountDao(AccountDao accountDao) {   
        this.accountDao = accountDao;   
    }   
  
    public Map<String, UserInfo> getUserMap() {   
        return userMap;   
    }   
  
    public void setUserMap(Map<String, UserInfo> userMap) {   
        this.userMap = userMap;   
    }   
  
}  
package com.avi.casExtends;

import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.springframework.dao.DataAccessException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException;

import com.avi.dao.AccountDao;
import com.avi.data.User;

public class UserInfoService implements UserDetailsService{
 
 private AccountDao accountDao;
 private Map<String, UserInfo> userMap = null;

    public UserInfoService() {
       
        
    }
    public void fillMap(){
      userMap = new HashMap<String, UserInfo>();
         List<User> users = accountDao.findAllUsers();
         UserInfo userInfo = null;
         for(User user:users){
          userInfo = new UserInfo(user.getUserName(),user.getPassword(),true,new GrantedAuthority[]{
           new GrantedAuthorityImpl(user.getRole()),
          });
          userInfo.setUserId(user.getId().toString());
          
             userMap.put(user.getUserName(), userInfo);
         }
    }
    
    public UserDetails loadUserByUsername(String username)
        throws UsernameNotFoundException, DataAccessException {
     if(userMap==null)
      fillMap();
        return userMap.get(username);
    }

 public AccountDao getAccountDao() {
  return accountDao;
 }

 public void setAccountDao(AccountDao accountDao) {
  this.accountDao = accountDao;
 }

 public Map<String, UserInfo> getUserMap() {
  return userMap;
 }

 public void setUserMap(Map<String, UserInfo> userMap) {
  this.userMap = userMap;
 }

}
 

 private AccountDao accountDao;是注入进来的查数据库的类

然后修改XML文件指定所要用到的service

+ expand sourceview plaincopy to clipboardprint?
<authentication-provider user-service-ref="userDetailsService"/>   
  
<bean id="userDetailsService" class="com.avi.casExtends.UserInfoService" singleton="false">   
        <property name="accountDao" ref="accountDao"/>   
</bean>  
<authentication-provider user-service-ref="userDetailsService"/>

<bean id="userDetailsService" class="com.avi.casExtends.UserInfoService" singleton="false">
  <property name="accountDao" ref="accountDao"/>
</bean> 


${session.SPRING_SECURITY_CONTEXT.authentication.principal.username}

你可能感兴趣的:(DAO,spring,UI,Security)