Figure 1: Class diagram of UserDetails. On the purpose of the UserDetails class, chapter 3 of "Pro Spring Security" says, in the original: "The interface org.springframework.security.core.userdetails.UserDetails...Authentication object, and they can be obtained by calling the getPrincipal method on it" We can implement this UserDetails...interface ourselves to store the user information we want, then place this UserDetails implementation in the Authentication and obtain it via Authentication.getPrincipal().
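This article uses Spring Boot 2.x to explain the user principal UserDetails in Spring Security, and to have a bit of fun along the way. 2....3.2 UserDetails From the UserDetailsService above we know that what is ultimately handed to Spring Security is a UserDetails. This interface is the core interface for providing user information....We usually use its implementation class: org.springframework.security.core.userdetails.User This class has a built-in builder, UserBuilder, which makes it easy to build a UserDetails...This manager injects, through configuration, a default UserDetails held in memory, which is the user we used above; the user is generated dynamically on every startup....org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails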
public void setUserCache(UserCache userCache) { this.userCache = userCache; } public UserDetails...loadUserByUsername(String username) { UserDetails user = this.userCache.getUserFromCache(username...Because I plan to use EhCache to cache UserDetails, I need Spring's EhCacheBasedUserCache class, which is an implementation of the UserCache interface and mainly handles cache operations....The concrete implementation of caching UserDetails in Ehcache is as follows: ehcache.xml <?xml version="1.0" encoding="UTF-8"?
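1 CachingUserDetailsService Spring Security provides a UserDetailsService implementation that can cache UserDetails, CachingUserDetailsService...The constructor of this class takes the UserDetailsService implementation that actually loads the UserDetails. When a UserDetails needs to be loaded, it first looks in the cache; if the cache has no corresponding UserDetails...The interaction between UserDetails and the cache goes through the UserCache interface. By default CachingUserDetailsService holds a reference to NullUserCache, an empty implementation of UserCache...When the cache has no corresponding UserDetails, the referenced delegate of type UserDetailsService is used to load it; after loading, it is stored in the cache and returned. Besides NullUserCache...) element.getValue(); } } public void putUserInCache(UserDetails user) { Element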
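package org.springframework.security.core.userdetails; public interface UserDetailsService { UserDetails... loadUserByUsername(String var1) throws UsernameNotFoundException; } UserDetails.java package org.springframework.security.core.userdetails... java.util.Collection; import org.springframework.security.core.GrantedAuthority; public interface UserDetails...Authentication has two states, authenticated and unauthenticated. When it is passed as a parameter to the authentication manager it is an unauthenticated object: the username/password is obtained from the client and the system automatically builds an Authentication object from it; whereas UserDetails...represents a source of user security information, which may be obtained from a database. What Spring Security has to do is match this unauthenticated Authentication object against the UserDetails and, on success, the UserDetails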
661a11 Credentials (Service/Proxy Ticket): ST-3-1lX3acgZ6HNgmhvjXuxB-cas, userId=2, userName=test} Obtaining UserDetails on the backend...userDetails = (UserDetails) SecurityContextHolder.getContext() .getAuthentication() .getPrincipal...import org.springframework.security.core.userdetails.UserDetails import org.springframework.web.bind.annotation.GetMapping...UserDto.success = true val loginUser = UserController.UserDto.LoginUser() val UserDetails...loginUser.username = UserDetails.username UserDto.loginUser = loginUser
token, UserDetails userDetails): checks whether the token is still valid package com.macro.mall.tiny.common.utils; import io.jsonwebtoken.Claims...import org.springframework.beans.factory.annotation.Value; import org.springframework.security.core.userdetails.UserDetails...user information queried from the database */ public boolean validateToken(String token, UserDetails userDetails) {...org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.UserDetails...new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
org.springframework.security.core.AuthenticationException; import org.springframework.security.core.userdetails.UserDetails...(userDetails); String token = jwtTokenUtil.generateToken(userDetails); response.addHeader...UserDetails userDetails = this.userDetailsService.loadUserByUsername(username); // For simple validation, checking the token's integrity alone is enough...authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities...import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.userdetails.UserDetails
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.userdetails.UserDetails...userDetails) { Map claims = new HashMap(2); claims.put("sub", userDetails.getUsername...userDetails) { JwtUser user = (JwtUser) userDetails; String username = getUsernameFromToken...= new UsernamePasswordAuthenticationToken(userDetails,null,userDetails.getAuthorities...; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService
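Verifying identity means loading the corresponding UserDetails and checking whether it matches the account, password, permissions and other information the user entered....The UserDetails object containing GrantedAuthority supplies the data when the Authentication object is built....; public interface UserDetailsService { UserDetails loadUserByUsername(String var1) throws...The return value is UserDetails; let's look at the source of this class. Source of the UserDetails class // // Source code recreated from a .class file by IntelliJ...IDEA // (powered by FernFlower decompiler) // package org.springframework.security.core.userdetails;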
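getUserDetails(@AuthenticationPrincipal UserDetails userDetails) { return userDetails; } 23....Extending UserDetails After injecting @AuthenticationPrincipal UserDetails userDetails as above, the user's information can be obtained; however, the information encapsulated in the object may not be enough for programming needs,...If these attributes need to exist, you must define a custom class that extends UserDetails!...Then, when handling user login in the service layer, use an object of the UserInfo type created above as the return value: // Assemble the "user details" object UserDetails userDetails = org.springframework.security.core.userdetails.User...(), userDetails.getPassword(), userDetails.isEnabled(), userDetails.isAccountNonExpired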
class JwtTokenUtil { private String secret = "my-secret-key"; public String generateToken(UserDetails...userDetails) { Map claims = new HashMap(); return doGenerateToken(...claims, userDetails.getUsername()); } private String doGenerateToken(Map claims...userDetails) { final String username = getUsernameFromToken(token); return (username.equals...(userDetails.getUsername()) && !
= null && SecurityContextHolder.getContext().getAuthentication() == null) { UserDetails...(authToken, userDetails)) { UsernamePasswordAuthenticationToken authentication =...new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());...userDetails = loadUserByUsername(username); if(!...authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities
(userDetails.getUsername()) && !...= null && SecurityContextHolder.getContext().getAuthentication() == null) { UserDetails userDetails...(userDetails.getUsername()) && !...= null && SecurityContextHolder.getContext().getAuthentication() == null) { UserDetails userDetails...(userDetails.getUsername()) && !
org.springframework.security.core.AuthenticationException; import org.springframework.security.core.userdetails.UserDetails...* Typically, a subclass will at least compare Authentication#getCredentials() with UserDetails#getPassword()....void additionalAuthenticationChecks(UserDetails userDetails,...org.springframework.security.core.AuthenticationException; import org.springframework.security.core.userdetails.UserDetails...*/ @SneakyThrows @Override protected void additionalAuthenticationChecks(UserDetails userDetails
Verifying identity means loading the corresponding UserDetails and checking whether it matches the account, password, permissions and other information the user entered....The UserDetails object containing GrantedAuthority supplies the data when the Authentication object is built....; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService...= LogManager.getLogger(FavUserDetailService.class); /** * Get the user by username - the user's roles, permissions and other information */ public UserDetails...loadUserByUsername(String username) throws UsernameNotFoundException { UserDetails userDetails
encoder.encode("123456")).roles("common"); } } Start the project; you must enter the account and password defined above to log in. There are three tables here: user, authority, and user-authority. 3. Using UserDetails...object, handed to SpringSecurity for identity authentication */ @Override public UserDetails loadUserByUsername(String s) throws...=null) { /* Wrap the username, password and user authorities into a UserDetails object */ UserDetails userDetails = new...User(user.getUsername(),encoder.encode(user.getPassword()),authorityList); return userDetails...{ throw new UsernameNotFoundException("用户不存在"); } } } In the SecurityConfig class, configure, based on UserDetails
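){ UserDetails userDetails = (UserDetails) principal; System.out.println(userDetails.getUsername...As we will see next, most authentication in Spring Security returns an instance of UserDetails as the principal....UserDetails is a core interface in Spring Security. It represents a principal, but in an extensible, application-specific way....UserDetails can be thought of as an adapter between the user-table record in the database and the information Spring Security needs in SecurityContextHolder....public interface UserDetails extends Serializable { // The corresponding authorities Collection<?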