如何从 jdbc 用户服务获取用户信息
how to get user info from jdbc user service
我正在使用 spring 安全授权来保护用户登录我的应用程序,方法是使用以下代码:
<jdbc-user-service data-source-ref="dataSource" users-by-username-query="SELECT username, password as password,1 as enabled FROM users WHERE username=?" authorities-by-username-query="SELECT username, authority,1 as enabled FROM users WHERE username =?" />
有什么方法可以将其他字段添加到此查询 ex:ID,电子邮件 ...?
这仅用于身份验证,用户登录后,您可以像这样检查登录用户:
@RequestMapping(path="loggedInUser", method={RequestMethod.GET}, produces={MediaType.APPLICATION_JSON_UTF8_VALUE})
@ResponseBody
public User getLoggedInUser(Principal principal) throws SQLException{
return database.getUser(principal.getName());
}
或者您只需 return 用户名和 principal.getName()
如果你想从数据库加载完整的自定义用户对象,然后在SecurityContextHolder
/Session
中设置它,更好的方法是使用自定义UserDetailService
创建自定义用户实体:
首先根据你的数据库创建一个简单的自定义用户实体table
@Entity
@Table(name = "users")
public class SecurityUser implements Serializable{
/**
*
*/
private static final long serialVersionUID = 1L;
@Id
@Column(name = "username", nullable = false, unique = true)
private String username;
@Column(name = "password", nullable = false)
@NotNull
private String password;
@Column(name = "type", nullable = false)
@NotNull
private String type;
@Column(name = "full_name", nullable = false)
@NotNull
private String fullName;
@Column(name = "email", nullable = false)
@NotNull
private String email;
//Gettters & Setters plus Default constructor
}
创建一个 repository/DAO 用于从数据库访问上述用户
@Repository
public interface UserRepository extends JpaRepository<SecurityUser, Long> {
SecurityUser findByUsername(String username);
}
为扩展 Spring 的 User
的登录用户创建自定义用户对象
public class CurrentUser extends User {
/**
*
*/
private static final long serialVersionUID = 1L;
private SecurityUser securityUser;
public CurrentUser(SecurityUser securityUser) {
super(securityUser.getUsername(), securityUser.getPassword(), AuthorityUtils.createAuthorityList(securityUser.getRole().toString()));
this.securityUser = securityUser;
}
public SecurityUser getSecurityUser() {
return securityUser;
}
public String getRole() {
return securityUser.getRole();
}
}
创建自定义用户详细信息服务
@Service
public class CurrentUserDetailsService implements UserDetailsService {
@Autowired
private UserRepository userService;
@Autowired
public CurrentUserDetailsService(UserRepository userService) {
this.userService = userService;
}
public CurrentUserDetailsService() {
}
@Override
public CurrentUser loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
SecurityUser user = userService.findByUsername(username);
return new CurrentUser(user);
}
}
在配置中设置 UserDetailService
由于您使用的是基于 XML 的配置,因此在配置文件中执行如下操作:
<bean id="myUserDetailsService"
class="complete-path-to-serviceClasss.MyUserDetailsService"/>
<security:authentication-manager>
<security:authentication-provider
user-service-ref="myUserDetailsService" >
<security:password-encoder ref="passwordEncoder">
</security:password-encoder>
</security:authentication-provider>
</security:authentication-manager>
现在在任何地方,如果你在用户登录时执行以下行,它会给你 CurrentUser
包含所有数据的对象
CurrentUser user = SecurityContextHolder.getContext().getAuthentication().getPrincipal()
我正在使用 spring 安全授权来保护用户登录我的应用程序,方法是使用以下代码:
<jdbc-user-service data-source-ref="dataSource" users-by-username-query="SELECT username, password as password,1 as enabled FROM users WHERE username=?" authorities-by-username-query="SELECT username, authority,1 as enabled FROM users WHERE username =?" />
有什么方法可以将其他字段添加到此查询 ex:ID,电子邮件 ...?
这仅用于身份验证,用户登录后,您可以像这样检查登录用户:
@RequestMapping(path="loggedInUser", method={RequestMethod.GET}, produces={MediaType.APPLICATION_JSON_UTF8_VALUE})
@ResponseBody
public User getLoggedInUser(Principal principal) throws SQLException{
return database.getUser(principal.getName());
}
或者您只需 return 用户名和 principal.getName()
如果你想从数据库加载完整的自定义用户对象,然后在SecurityContextHolder
/Session
中设置它,更好的方法是使用自定义UserDetailService
创建自定义用户实体:
首先根据你的数据库创建一个简单的自定义用户实体table
@Entity
@Table(name = "users")
public class SecurityUser implements Serializable{
/**
*
*/
private static final long serialVersionUID = 1L;
@Id
@Column(name = "username", nullable = false, unique = true)
private String username;
@Column(name = "password", nullable = false)
@NotNull
private String password;
@Column(name = "type", nullable = false)
@NotNull
private String type;
@Column(name = "full_name", nullable = false)
@NotNull
private String fullName;
@Column(name = "email", nullable = false)
@NotNull
private String email;
//Gettters & Setters plus Default constructor
}
创建一个 repository/DAO 用于从数据库访问上述用户
@Repository
public interface UserRepository extends JpaRepository<SecurityUser, Long> {
SecurityUser findByUsername(String username);
}
为扩展 Spring 的 User
的登录用户创建自定义用户对象
public class CurrentUser extends User {
/**
*
*/
private static final long serialVersionUID = 1L;
private SecurityUser securityUser;
public CurrentUser(SecurityUser securityUser) {
super(securityUser.getUsername(), securityUser.getPassword(), AuthorityUtils.createAuthorityList(securityUser.getRole().toString()));
this.securityUser = securityUser;
}
public SecurityUser getSecurityUser() {
return securityUser;
}
public String getRole() {
return securityUser.getRole();
}
}
创建自定义用户详细信息服务
@Service
public class CurrentUserDetailsService implements UserDetailsService {
@Autowired
private UserRepository userService;
@Autowired
public CurrentUserDetailsService(UserRepository userService) {
this.userService = userService;
}
public CurrentUserDetailsService() {
}
@Override
public CurrentUser loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
SecurityUser user = userService.findByUsername(username);
return new CurrentUser(user);
}
}
在配置中设置 UserDetailService
由于您使用的是基于 XML 的配置,因此在配置文件中执行如下操作:
<bean id="myUserDetailsService"
class="complete-path-to-serviceClasss.MyUserDetailsService"/>
<security:authentication-manager>
<security:authentication-provider
user-service-ref="myUserDetailsService" >
<security:password-encoder ref="passwordEncoder">
</security:password-encoder>
</security:authentication-provider>
</security:authentication-manager>
现在在任何地方,如果你在用户登录时执行以下行,它会给你 CurrentUser
包含所有数据的对象
CurrentUser user = SecurityContextHolder.getContext().getAuthentication().getPrincipal()