Java 如何从jdbc用户服务获取用户信息
我正在使用spring安全授权,通过使用以下代码保护用户登录到我的应用程序:Java 如何从jdbc用户服务获取用户信息,java,spring,spring-mvc,spring-security,spring-mybatis,Java,Spring,Spring Mvc,Spring Security,Spring Mybatis,我正在使用spring安全授权,通过使用以下代码保护用户登录到我的应用程序: <jdbc-user-service data-source-ref="dataSource" users-by-username-query="SELECT username, password as password,1 as enabled FROM users WHERE username=?" authorities-by-username-query="SELECT username, author
<jdbc-user-service data-source-ref="dataSource" users-by-username-query="SELECT username, password as password,1 as enabled FROM users WHERE username=?" authorities-by-username-query="SELECT username, authority,1 as enabled FROM users WHERE username =?" />
有没有办法将其他字段添加到此查询中,例如:ID、电子邮件 这仅用于身份验证,用户登录后,您可以通过以下方式检查登录用户:
@RequestMapping(path="loggedInUser", method={RequestMethod.GET}, produces={MediaType.APPLICATION_JSON_UTF8_VALUE})
@ResponseBody
public User getLoggedInUser(Principal principal) throws SQLException{
return database.getUser(principal.getName());
}
或者,如果要从数据库加载完整的自定义用户对象,然后在
SecurityContextHolder
/会话中设置它,则可以使用自定义UserDetailService()返回带有principal.getName()的用户名
创建自定义用户实体:
首先根据数据库表创建一个简单的自定义用户实体
@Entity
@Table(name = "users")
public class SecurityUser implements Serializable{
/**
*
*/
private static final long serialVersionUID = 1L;
@Id
@Column(name = "username", nullable = false, unique = true)
private String username;
@Column(name = "password", nullable = false)
@NotNull
private String password;
@Column(name = "type", nullable = false)
@NotNull
private String type;
@Column(name = "full_name", nullable = false)
@NotNull
private String fullName;
@Column(name = "email", nullable = false)
@NotNull
private String email;
//Gettters & Setters plus Default constructor
}
创建用于从数据库访问上述用户的存储库/DAO
创建自定义用户详细信息服务
在配置中设置UserDetailService
在使用基于XML的配置时,请在配置文件中执行以下操作:
<bean id="myUserDetailsService"
class="complete-path-to-serviceClasss.MyUserDetailsService"/>
<security:authentication-manager>
<security:authentication-provider
user-service-ref="myUserDetailsService" >
<security:password-encoder ref="passwordEncoder">
</security:password-encoder>
</security:authentication-provider>
</security:authentication-manager>
public class CurrentUser extends User {
/**
*
*/
private static final long serialVersionUID = 1L;
private SecurityUser securityUser;
public CurrentUser(SecurityUser securityUser) {
super(securityUser.getUsername(), securityUser.getPassword(), AuthorityUtils.createAuthorityList(securityUser.getRole().toString()));
this.securityUser = securityUser;
}
public SecurityUser getSecurityUser() {
return securityUser;
}
public String getRole() {
return securityUser.getRole();
}
}
@Service
public class CurrentUserDetailsService implements UserDetailsService {
@Autowired
private UserRepository userService;
@Autowired
public CurrentUserDetailsService(UserRepository userService) {
this.userService = userService;
}
public CurrentUserDetailsService() {
}
@Override
public CurrentUser loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
SecurityUser user = userService.findByUsername(username);
return new CurrentUser(user);
}
}
<bean id="myUserDetailsService"
class="complete-path-to-serviceClasss.MyUserDetailsService"/>
<security:authentication-manager>
<security:authentication-provider
user-service-ref="myUserDetailsService" >
<security:password-encoder ref="passwordEncoder">
</security:password-encoder>
</security:authentication-provider>
</security:authentication-manager>
CurrentUser user = SecurityContextHolder.getContext().getAuthentication().getPrincipal()