Figure 1: Class diagram of UserDetails. The purpose of the UserDetails class, in the original text of Chapter 3 of "Pro Spring Security": "The interface org.springframework.security.core.userdetails.UserDetails...Authentication object, and they can be obtained by calling the getPrincipal method on it". We can implement this UserDetails...interface ourselves to store the user information we want, then place this UserDetails implementation in the Authentication and obtain it through Authentication.getPrincipal().
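This article uses Spring Boot 2.x to explain the user principal UserDetails in Spring Security, and to have a little fun along the way. 2....3.2 UserDetails From the UserDetailsService above, we know that what is ultimately handed to Spring Security is a UserDetails. This interface is the core interface for providing user information....We usually use its implementation class: org.springframework.security.core.userdetails.User This class has a built-in builder, UserBuilder, which makes it convenient to construct a UserDetails...Through configuration, this manager injects a default UserDetails held in memory, which is the user we used above; the user is generated dynamically on every startup....org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails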
public void setUserCache(UserCache userCache) { this.userCache = userCache; } public UserDetails...loadUserByUsername(String username) { UserDetails user = this.userCache.getUserFromCache(username...Because I plan to use EhCache to cache UserDetails, I need to use Spring's EhCacheBasedUserCache class, an implementation of the UserCache interface that mainly handles cache operations....The concrete implementation for caching UserDetails in Ehcache is as follows: ehcache.xml <?xml version="1.0" encoding="UTF-8"?
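1 CachingUserDetailsService Spring Security provides a UserDetailsService implementation that can cache UserDetails, CachingUserDetailsService...The constructor of this class takes the UserDetailsService implementation that actually loads the UserDetails. When a UserDetails needs to be loaded, it first looks in the cache; if the cache has no matching UserDetails...The interaction between UserDetails and the cache goes through the UserCache interface. By default, CachingUserDetailsService holds a reference to NullUserCache, a no-op implementation of UserCache...When the cache has no matching UserDetails, the referenced delegate of type UserDetailsService loads it; once loaded, it is stored in the cache and returned. Besides NullUserCache...) element.getValue(); } } public void putUserInCache(UserDetails user) { Element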
661a11 Credentials (Service/Proxy Ticket): ST-3-1lX3acgZ6HNgmhvjXuxB-cas, userId=2, userName=test} Getting the UserDetails on the backend...userDetails = (UserDetails) SecurityContextHolder.getContext() .getAuthentication() .getPrincipal...import org.springframework.security.core.userdetails.UserDetails import org.springframework.web.bind.annotation.GetMapping...UserDto.success = true val loginUser = UserController.UserDto.LoginUser() val UserDetails...loginUser.username = UserDetails.username UserDto.loginUser = loginUser
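package org.springframework.security.core.userdetails; public interface UserDetailsService { UserDetails... loadUserByUsername(String var1) throws UsernameNotFoundException; } UserDetails.java package org.springframework.security.core.userdetails... java.util.Collection; import org.springframework.security.core.GrantedAuthority; public interface UserDetails...An Authentication has two states, authenticated and unauthenticated. When it is passed as an argument to the authentication manager it is an unauthenticated object: the username/password is obtained from the client and the system automatically builds an Authentication object from it; whereas UserDetails...represents a source of user security information, which may be obtained from a database. What Spring Security has to do is match this unauthenticated Authentication object against the UserDetails and, after a successful match, the UserDetails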
org.springframework.security.core.AuthenticationException; import org.springframework.security.core.userdetails.UserDetails...(userDetails); String token = jwtTokenUtil.generateToken(userDetails); response.addHeader...UserDetails userDetails = this.userDetailsService.loadUserByUsername(username); // For simple validation, checking the token's integrity alone is enough...authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities...import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.userdetails.UserDetails
token, UserDetails userDetails): checks whether the token is still valid package com.macro.mall.tiny.common.utils; import io.jsonwebtoken.Claims...import org.springframework.beans.factory.annotation.Value; import org.springframework.security.core.userdetails.UserDetails...user information queried from the database */ public boolean validateToken(String token, UserDetails userDetails) {...org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails...new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.userdetails.UserDetails...userDetails) { Map claims = new HashMap(2); claims.put("sub", userDetails.getUsername...userDetails) { JwtUser user = (JwtUser) userDetails; String username = getUsernameFromToken...= new UsernamePasswordAuthenticationToken(userDetails,null,userDetails.getAuthorities...; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService
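Verifying identity means loading the corresponding UserDetails and checking whether it matches the account, password, permissions and other information the user entered....The UserDetails object containing GrantedAuthority is used to populate the Authentication object when it is built....; public interface UserDetailsService { UserDetails loadUserByUsername(String var1) throws...The return value is UserDetails; let's look at the source code of this class. Source code of the UserDetails class // // Source code recreated from a .class file by IntelliJ...IDEA // (powered by FernFlower decompiler) // package org.springframework.security.core.userdetails;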
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.userdetails.UserDetails... userDetails) { Map claims = new HashMap(2); claims.put("sub", userDetails.getUsername... userDetails) { JwtUser user = (JwtUser) userDetails; String username = getUsernameFromToken...= new UsernamePasswordAuthenticationToken(userDetails,null,userDetails.getAuthorities...; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService
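getUserDetails(@AuthenticationPrincipal UserDetails userDetails) { return userDetails; } 23....Extending UserDetails After injecting @AuthenticationPrincipal UserDetails userDetails as above, the user's information can be obtained, but the information encapsulated in the object may not be enough for programming needs,...If these properties need to exist, you must define a custom class that extends UserDetails!...Then, when handling user login in the service layer, use an object of the UserInfo type created above as the return value: // Build the "user details" object UserDetails userDetails = org.springframework.security.core.userdetails.User...(), userDetails.getPassword(), userDetails.isEnabled(), userDetails.isAccountNonExpired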
org.springframework.security.core.AuthenticationException; import org.springframework.security.core.userdetails.UserDetails...* Typically, a subclass will at least compare Authentication#getCredentials() with UserDetails#getPassword()....void additionalAuthenticationChecks(UserDetails userDetails,...org.springframework.security.core.AuthenticationException; import org.springframework.security.core.userdetails.UserDetails...*/ @SneakyThrows @Override protected void additionalAuthenticationChecks(UserDetails userDetails
= null && SecurityContextHolder.getContext().getAuthentication() == null) { UserDetails...(authToken, userDetails)) { UsernamePasswordAuthenticationToken authentication =...new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());...userDetails = loadUserByUsername(username); if(!...authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities
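Verifying identity means loading the corresponding UserDetails and checking whether it matches the account, password, permissions and other information the user entered....The UserDetails object containing GrantedAuthority is used to populate the Authentication object when it is built....; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService...= LogManager.getLogger(FavUserDetailService.class); /** * Get the user by username - the user's roles, permissions and other information */ public UserDetails...loadUserByUsername(String username) throws UsernameNotFoundException { UserDetails userDetails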
class JwtTokenUtil { private String secret = "my-secret-key"; public String generateToken(UserDetails...userDetails) { Map claims = new HashMap(); return doGenerateToken(...claims, userDetails.getUsername()); } private String doGenerateToken(Map claims...userDetails) { final String username = getUsernameFromToken(token); return (username.equals...(userDetails.getUsername()) && !
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.userdetails.UserDetails...io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; import org.springframework.security.core.userdetails.UserDetails...user * @return token */ public String generateToken(UserDetails userDetails) { Map<...user * @return whether it is valid */ public Boolean validateToken(String token, UserDetails userDetails...new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
userDetails1 = User.builder() .username("admin") .password(passwordEncoder.encode....build(); /** * Build a user account student, with student given the STUDENT authority */ UserDetails...userDetails2 = User.builder() .username("student") .password(passwordEncoder.encode...Student authority .build(); return new InMemoryUserDetailsManager( userDetails1...,userDetails2); //return super.userDetailsService(); } } Authority-based authentication Special note: behind the polish of a solved problem lies the pain of wrestling with bugs
userDetails) { User user = (User) userDetails; String username = getUsernameFromToken...= null && SecurityContextHolder.getContext().getAuthentication() == null) { UserDetails...(token, userDetails)) { UsernamePasswordAuthenticationToken authentication = new...UsernamePasswordAuthenticationToken( userDetails, null, userDetails.getAuthorities...(userDetails); return token; } } That is the key code; for the code of the other classes, refer to the source code address provided later.