Я пытаюсь получить зарегистрированного пользователя в моем проекте весенней загрузки.мои сущности и их отношения приведены ниже: -
User.java
@Entity
@Table(name = "user_account")
public class User {
@Id
@Column(unique = true, nullable = false)
@GeneratedValue(strategy = GenerationType.AUTO)
private Long id;
private String email;
private String username;
private String userType;
@OneToOne(mappedBy = "user")
private BankUserDetails bankUserDetails;
@OneToOne(mappedBy ="user")
private SctUserDetails sctUserDetails;
@Column(length = 60)
private String password;
private boolean enabled;
@ManyToMany(fetch = FetchType.EAGER)
@JoinTable(name = "users_roles", joinColumns =
@JoinColumn(name = "user_id", referencedColumnName = "id"),
inverseJoinColumns = @JoinColumn(name = "role_id",
referencedColumnName = "id"))
private Collection<Role> roles;
public User() {
super();
this.enabled = true;
}
}
Role.java
@Entity
public class Role {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private Long id;
@ManyToMany(mappedBy = "roles")
private Collection<User> users;
@ManyToMany()
@JoinTable(name = "roles_privileges", joinColumns =
@JoinColumn(name = "role_id", referencedColumnName = "id"),
inverseJoinColumns = @JoinColumn(name = "privilege_id",
referencedColumnName = "id"))
private Collection<Privilege> privileges;
private String name;
public Role() {
super();
}
public Role(final String name) {
super();
this.name = name;
}
}
Privilege.java
@Entity
public class Privilege {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private Long id;
private String name;
@ManyToMany(mappedBy = "privileges")
private Collection<Role> roles;
public Privilege() {
super();
}
public Privilege(final String name) {
super();
this.name = name;
}
, поэтому на моем контроллере (на данный момент) я пытаюсь напечатать пользователя, вошедшего в систему в данный момент, следующим образом: -
@RequestMapping("/admin")
public String adminPage(Model model){
System.out.println("logged user "+UserController.getLoggedInUser());
return "admin";
}
в моем классе UserController я определил один статический метод для извлечения текущего пользователя, вошедшего в систему следующим образом: -
public static String getLoggedInUser(){
String username = null;
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
if(principal instanceof UserDetails){
username = ((UserDetails) principal).getUsername();
}else {
username = principal.toString();
}
return username;
}
мой класс конфигурации безопасности Spring выглядит следующим образом: -
@Configuration
@ComponentScan(basePackages = { "com.infodev.pcms.security" })
@EnableWebSecurity
public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private MyUserDetailsService userDetailsService;
@Autowired
private AuthenticationSuccessHandler myAuthenticationSuccessHandler;
@Autowired
private CustomLogoutSuccessHandler myLogoutSuccessHandler;
@Autowired
private AuthenticationFailureHandler authenticationFailureHandler;
/*@Autowired
private CustomWebAuthenticationDetailsSource authenticationDetailsSource;*/
private BCryptPasswordEncoder passwordEncoder() {
return SecurityUtils.passwordEncoder();
}
@Autowired
private UserRepository userRepository;
public SecSecurityConfig() {
super();
}
private static final String[] PUBLIC_MATCHERS = {
"/css/**",
"/js/**",
"/images/**",
"**/",
"/newUser",
"/forgetPassword",
"/login",
"/uploads/**",
"/assets/**",
"/api/updateCardStatus"
};
@Override
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authProvider());
}
@Override
public void configure(final WebSecurity web) throws Exception {
web.ignoring().antMatchers("/resources/**","/listAllUsers/**");
}
@Override
protected void configure(final HttpSecurity http) throws Exception {
// @formatter:off
http
.authorizeRequests()
/* antMatchers("/**").*/
.antMatchers(PUBLIC_MATCHERS).
permitAll().anyRequest().authenticated();
http
.csrf().disable()
.authorizeRequests()
.antMatchers("/login*","/login*", "/logout*", "/signin/**",
"/signup/**", "/customLogin",
"/user/registration*", "/registrationConfirm*",
"/expiredAccount*", "/registration*",
"/badUser*", "/user/resendRegistrationToken*" ,
"/forgetPassword*", "/user/resetPassword*",
"/user/changePassword*", "/emailError*", "/resources/**",
"/old/user/registration*","/successRegister*","/qrcode*").permitAll()
.antMatchers("/invalidSession*").anonymous()
.antMatchers("/user/updatePassword*","/user/savePassword*","/updatePassword*")
.hasAuthority("CHANGE_PASSWORD_PRIVILEGE")
.anyRequest().hasAuthority("READ_PRIVILEGE")
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/homepage.html")
.failureUrl("/login?error=true")
.successHandler(myAuthenticationSuccessHandler)
.failureHandler(authenticationFailureHandler)
.permitAll()
.and()
.sessionManagement()
.invalidSessionUrl("/invalidSession.html")
.maximumSessions(1).sessionRegistry(sessionRegistry()).and()
.sessionFixation().none()
.and()
.logout()
.logoutSuccessHandler(myLogoutSuccessHandler)
.invalidateHttpSession(false)
.deleteCookies("JSESSIONID")
.permitAll();
}
// beans
@Bean
public DaoAuthenticationProvider authProvider() {
final CustomAuthenticationProvider authProvider =
new CustomAuthenticationProvider();
authProvider.setUserDetailsService(userDetailsService);
authProvider.setPasswordEncoder(passwordEncoder());
return authProvider;
}
@Bean
public SessionRegistry sessionRegistry() {
return new SessionRegistryImpl();
}
}
MyCustomUserDetails
@Override
public UserDetails loadUserByUsername(final String username)
throws UsernameNotFoundException {
final String ip = getClientIP();
if (loginAttemptService.isBlocked(ip)) {
throw new RuntimeException("blocked");
}
try {
final User user = userRepository.findByUsername(username);
if (user == null) {
throw new UsernameNotFoundException
("No user found with username: " + username);
}
org.springframework.security.core.userdetails.User usr=
new org.springframework.security.core.userdetails.User
(user.getUsername(), user.getPassword(), user.isEnabled(),
true, true, true, getAuthorities(user.getRoles()));
return usr;
} catch (final Exception e) {
throw new RuntimeException(e);
}
}
// UTIL
private final Collection<? extends GrantedAuthority>
getAuthorities(final Collection<Role> roles) {
return getGrantedAuthorities(getPrivileges(roles));
}
private final List<String> getPrivileges(final Collection<Role> roles) {
final List<String> privileges = new ArrayList<String>();
final List<Privilege> collection = new ArrayList<Privilege>();
for (final Role role : roles) {
collection.addAll(role.getPrivileges());
}
for (final Privilege item : collection) {
privileges.add(item.getName());
}
return privileges;
}
private final List<GrantedAuthority> getGrantedAuthorities
(final List<String> privileges) {
final List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
for (final String privilege : privileges) {
authorities.add(new SimpleGrantedAuthority(privilege));
}
return authorities;
}
, когда метод adminPage вызывает его, как и ожидалось, вызывает getLoggedInUser(), но он не попадает в строку if(principal instanceof UserDetails){.скорее он выполнит предложение else и вернет весь объект user.
Мне нужно получить зарегистрированного пользователя на моем контроллере.как мне это сделать ?