Spring mvc Spring安全性:org.springframework.Security.core.userdetails.User不能强制转换为Person
我正在开发一个使用SpringSecurity的SpringMVC应用程序。因为我需要获取当前经过身份验证的用户的对象,所以我可以使用setUser()方法。在下面提到的代码中,有一个名为getCurrentlyAuthenticatedUser()的方法,其中我在getPrincipal处出错,因为它无法从springframework.security.core.userDetails.User-to-Person(我的类包含所有Person详细信息)强制转换。我在互联网上查看了各种解决方案,但没有一个适合我所做的实现。我的身份验证实现与下面的博客中提到的实现相匹配。我已经粘贴了所有可能有用的类 博客: 人员类别:Spring mvc Spring安全性:org.springframework.Security.core.userdetails.User不能强制转换为Person,spring-mvc,spring-security,Spring Mvc,Spring Security,我正在开发一个使用SpringSecurity的SpringMVC应用程序。因为我需要获取当前经过身份验证的用户的对象,所以我可以使用setUser()方法。在下面提到的代码中,有一个名为getCurrentlyAuthenticatedUser()的方法,其中我在getPrincipal处出错,因为它无法从springframework.security.core.userDetails.User-to-Person(我的类包含所有Person详细信息)强制转换。我在互联网上查看了各种解决方案
@Entity
@Table(name="person")
public class Person implements UserDetails{
private static final GrantedAuthority USER_AUTH = new SimpleGrantedAuthority("ROLE_USER");
@Id
@Column(name="id")
@GeneratedValue(strategy = GenerationType.SEQUENCE,generator = "person_seq_gen")
@SequenceGenerator(name = "person_seq_gen",sequenceName = "person_seq")
private int id;
@Column(name = "username")
private String username;
@Column(name = "password")
private String password;
@Transient
private final String PERMISSION_PREFIX = "ROLE_USER";
@Transient
private List<GrantedAuthority> authorities;
@Transient
private String role;
@OneToMany(cascade = CascadeType.ALL,mappedBy = "person1")
private Set<Notes> notes1;
public Set<Notes> getNotes1() {
return notes1;
}
public void setNotes1(Set<Notes> notes1) {
this.notes1 = notes1;
}
}
汇编程序类:
@服务(“汇编程序”)
Spring安全xml
<import resource="servlet-context.xml" />
<!-- Global Security settings -->
<security:global-method-security pre-post-annotations="enabled" />
<security:http pattern="/" security="none" />
<security:http create-session="ifRequired" use-expressions="true" auto-config="false" disable-url-rewriting="true">
<security:port-mappings>
<security:port-mapping http="80" https="443"/>
</security:port-mappings>
<security:session-management session-fixation-protection="migrateSession" invalid-session-url="/invalidSession.html">
<security:concurrency-control max-sessions="3" error-if-maximum-exceeded="true" expired-url="/sessionExpired.html"/>
</security:session-management>
<security:form-login login-page="/login" default-target-url="/note/add" always-use-default-target="true" authentication-failure-url="/login?error"/>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider user-service-ref="LoginServiceImpl" />
</security:authentication-manager>
<beans:bean id="daoAuthenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="LoginServiceImpl"/>
</beans:bean>
</beans>
Hi,您能否确认在第行Person currentUser=(Person)a.getPrincipal()上看到消息Authentication not null
后跟NullPointerException代码>?这不是一个ClassCastException
?您好,我没有看到那个消息。最后我找到了一个解决办法。spring安全性实现的一切都是正确的。我无法回避强制转换问题,所以我只是通过身份验证对象检索用户的用户名。将其传递给DAO以检索Person对象并使用它保存注释。虽然不是最优的,但目前仍然有效。当您的Person
类已经实现了UserDetails
,为什么还要创建一个User
实例呢?@Orici请不要在多个问题中重复发布相同的内容,或者至少删除以前的问题。这样很难回答。最重要的是,正如已经询问过的那样,请发布错误的完整详细信息,如果您有stacktrace,请始终包括它。谢谢
public class Assembler {
@Transactional(readOnly = true)
User buildUserFromUserEntity(Person userEntity){
String username = userEntity.getUsername();
String password = userEntity.getPassword();
// Long id = userEntity.getId();
boolean enabled = userEntity.isActive();
boolean accountNonExpired = userEntity.isAccountNonExpired();
boolean credentialsNonExpired = userEntity.isCredentialsNonExpired();
boolean accountNonLocked = userEntity.isAccountNonLocked();
Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
User user = new User(username,password,enabled,accountNonExpired,credentialsNonExpired,accountNonLocked,authorities);
return user;
}
}
@Service
public class PersonServiceImpl implements PersonService {
private PersonDAO personDAO;
@Override
public Person getCurrentlyAuthenticatedUser() throws Exception{
Authentication a = SecurityContextHolder.getContext().getAuthentication();
if(a == null) {
System.out.println("Authentication Failure");
return null;
}else {
System.out.println("Authentication is not null");
Person currentUser = (Person) a.getPrincipal(); // throws nullpointer exception here
if(currentUser == null){
System.out.println("Getauthenticcated User didnt find user");
return null;
}else {
System.out.println("We have currently authenticated user");
return currentUser;
}
}
<import resource="servlet-context.xml" />
<!-- Global Security settings -->
<security:global-method-security pre-post-annotations="enabled" />
<security:http pattern="/" security="none" />
<security:http create-session="ifRequired" use-expressions="true" auto-config="false" disable-url-rewriting="true">
<security:port-mappings>
<security:port-mapping http="80" https="443"/>
</security:port-mappings>
<security:session-management session-fixation-protection="migrateSession" invalid-session-url="/invalidSession.html">
<security:concurrency-control max-sessions="3" error-if-maximum-exceeded="true" expired-url="/sessionExpired.html"/>
</security:session-management>
<security:form-login login-page="/login" default-target-url="/note/add" always-use-default-target="true" authentication-failure-url="/login?error"/>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider user-service-ref="LoginServiceImpl" />
</security:authentication-manager>
<beans:bean id="daoAuthenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="LoginServiceImpl"/>
</beans:bean>
</beans>