Spring Security Basic Auth中的自定义登录响应
我有一个名为“user\u detail”的表,其中有firstname、lastname、username和password列 当前,当我在/login控制器中给出用户名、密码时,它将使用表数据进行验证。我希望在成功登录时返回名字 下面是我的代码Spring Security Basic Auth中的自定义登录响应,spring,spring-mvc,spring-security,Spring,Spring Mvc,Spring Security,我有一个名为“user\u detail”的表,其中有firstname、lastname、username和password列 当前,当我在/login控制器中给出用户名、密码时,它将使用表数据进行验证。我希望在成功登录时返回名字 下面是我的代码 public class LoginController { @GetMapping(path = "/login") public LoginResponse login() { return new Login
public class LoginController {
@GetMapping(path = "/login")
public LoginResponse login() {
return new LoginResponse("You are authenticated");
}
}
@Configuration
@EnableWebSecurity
public class SpringSecurityConfigurationBasicAuth extends WebSecurityConfigurerAdapter {
@Autowired
MongoUserDetailsService userDetailsService;
@Override
protected void configure(HttpSecurity http) throws Exception {
AuthenticationEntryPoint entryPoint = new CustomAuthenticationEntryPoint();
http
.csrf().disable()
.authorizeRequests().anyRequest().authenticated()
.and().httpBasic().authenticationEntryPoint(entryPoint).and()
.exceptionHandling().authenticationEntryPoint(entryPoint)
.and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
http.cors().configurationSource(request -> new CorsConfiguration().applyPermitDefaultValues());
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
public void configure(AuthenticationManagerBuilder builder) throws Exception {
builder.userDetailsService(userDetailsService);
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/user-registration/users");
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
CorsConfiguration configuration = new CorsConfiguration();
configuration.setAllowCredentials(true);
configuration.setAllowedOrigins(Arrays.asList("http://localhost:3000"));
configuration.setAllowedMethods(Arrays.asList("GET"));
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration("/**", configuration);
return source;
}
}
public @Data class LoginResponse {
private String message;
public LoginResponse(String message) {
this.message = message;
}
public String getMessage() {
return message;
}
public void setMessage(String message) {
this.message = message;
}
}
@Component
public class MongoUserDetailsService implements UserDetailsService {
@Autowired
MongoOperations mongoOperations;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
Query query = new Query(Criteria.where("emailId").is(username));
List<UserDetailData> user = mongoOperations.find(query, UserDetailData.class, "user_details");
if (CollectionUtils.isEmpty(user)) {
throw new UsernameNotFoundException("User not found");
}
List<SimpleGrantedAuthority> authorities = Arrays.asList(new SimpleGrantedAuthority("user"));
return new User(user.get(0).getEmailId(), user.get(0).getPassword(), authorities);
}
}
公共类登录控制器{
@GetMapping(路径=“/login”)
公共登录响应登录(){
返回新的登录回复(“您已通过身份验证”);
}
}
@配置
@启用Web安全性
公共类SpringSecurityConfiguration Basicauth扩展了WebSecurity配置适配器{
@自动连线
MongoUserDetailsService用户详细信息服务;
@凌驾
受保护的无效配置(HttpSecurity http)引发异常{
AuthenticationEntryPoint entryPoint=新的CustomAuthenticationEntryPoint();
http
.csrf().disable()
.authorizeRequests().anyRequest().authorized()
.and().httpBasic().authenticationEntryPoint(entryPoint).and()
.exceptionHandling().authenticationEntryPoint(入口点)
.和().sessionManagement().sessionCreationPolicy(sessionCreationPolicy.STATELESS);
http.cors().configurationSource(请求->新建corscoConfiguration().applyPermitDefaultValues());
}
@豆子
公共密码编码器PasswordEncoder(){
返回新的BCryptPasswordEncoder();
}
@凌驾
public void configure(AuthenticationManagerBuilder)引发异常{
builder.userDetailsService(userDetailsService);
}
@凌驾
public void configure(WebSecurity web)引发异常{
忽略().antMatchers(“/user registration/users”);
}
@豆子
CorsConfiguration源CorsConfiguration源(){
CorsConfiguration配置=新的CorsConfiguration();
配置.setAllowCredentials(true);
configuration.setAllowedOriginates(Arrays.asList(“http://localhost:3000"));
setAllowedMethods(Arrays.asList(“GET”);
UrlBasedCorsConfigurationSource=新的UrlBasedCorsConfigurationSource();
source.registerCorsConfiguration(“/**”,配置);
返回源;
}
}
public@Data class LoginResponse{
私有字符串消息;
公共登录应答(字符串消息){
this.message=消息;
}
公共字符串getMessage(){
返回消息;
}
公共无效设置消息(字符串消息){
this.message=消息;
}
}
@组成部分
公共类MongoUserDetailsService实现UserDetailsService{
@自动连线
MongoOperations MongoOperations;
@凌驾
public UserDetails loadUserByUsername(字符串用户名)引发UsernameNotFoundException{
Query Query=新查询(Criteria.where(“emailId”).is(username));
List user=mongoOperations.find(查询,UserDetailData.class,“user_details”);
if(CollectionUtils.isEmpty(用户)){
抛出新的UsernameNotFoundException(“未找到用户”);
}
列表权限=Arrays.asList(新的SimpleGrantedAuthority(“用户”);
返回新用户(User.get(0.getEmailId(),User.get(0.getPassword(),authorities));
}
}
当前,它返回“You is authenticated”(您已通过身份验证),而不是此用户名。我希望从数据库中获取该用户名的用户名。您可以尝试使用http.successHandler(handler)。在最基本的情况下,处理程序可以扩展
SimpleRuthenticationSuccessHandler
类。此处理程序在身份验证后将用户重定向到任意url
如果firstname是从DB中提取的,则可以使用自定义用户对象传递它:
public class ExtendedUser extends User {
private static final long serialVersionUID = -1;
private String name;
ExtendedUser(String email, String password, boolean enabled,
Collection<? extends GrantedAuthority> authorities,
String name) {
super(email, password, enabled, true, true, true, authorities);
this.name = name;
}
// getter and setter
}
公共类扩展程序扩展用户{
私有静态最终长serialVersionUID=-1;
私有字符串名称;
ExtendeDeduser(字符串电子邮件、字符串密码、启用布尔值、,
Collectionwe无法为httpBasic()执行http.successHandler()。