Spring安全性从更深层访问UserDetailsS​​ervice

我有以下UserDetailsS​​ervice实现。
到目前为止,身份validation过程非常有效。
如何在“会话”中存储我的“MyUser bean”( 已成功登录 ),以便我可以在我的应用程序的其他区域中访问它

谢谢。 

@Transactional(readOnly = true) public class CustomUserDetailsService implements UserDetailsService { private EmployeesApi employeesApi = new EmployeesApi(); /** * Retrieves a user record containing the user's credentials and access. */ public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException, DataAccessException { // Declare a null Spring User UserDetails user = null; try { MyUser employee = employeesApi.getByUserName(userName); user = new User( employee.getUserName(), employee.getPassword().toLowerCase(), true, true, true, true, getAuthorities(1) ); } catch (Exception e) { logger.error("Error in retrieving user"); throw new UsernameNotFoundException("Error in retrieving user"); } } ....

Spring Security已经为您在会话中存储了经过身份validation的用户的UserDetails

因此,在会话中存储MyUser的最简单方法是实现包含对MyUser的引用的自定义UserDetails

 public class MyUserDetails extends User { private MyUser myUser; public MyUserDetails(..., MyUser myUser) { super(...); this.myUser = myUser; } public MyUser getMyUser() { return myUser; } ... }

并从UserDetailsService返回它: 

 MyUser employee = employeesApi.getByUserName(userName); user = new MyUserDetails(..., myUser);

然后,您可以通过安全上下文轻松访问MyUser

 MyUser myUser = ((MyUserDetails) SecurityContextHolder .getContext().getAuthentication().getPrincipal()).getMyUser();

在Spring MVC控制器中: 

 @RequestMapping(...) public ModelAndView someController(..., Authentication auth) { MyUser myUser = ((MyUserDetails) auth.getPrincipal()).getMyUser(); ... }

在JSP中:
Interesting Posts

如何否定Java中的任何正则表达式

将代码作为函数参数传递

无法在java中实现A Star

请参阅调用方法的java注释

使用Java中的generics保证协变返回类型

如何在spring / hibernate / jpa中创建自动表创建?

Eclipse与IntelliJ热部署

JavaFX WebEngine上的UserAgent实现方法

在gwt中创建自定义按钮

如何让一个线程不冻结整个JFrame。 JAVA