java.lang.ClassCastException:org.springframework.security.core.userdetails.User无法强制转换为model.User
我在我的应用程序中使用Spring Security。 我需要在我的应用程序的控制器中登录用户详细信息。
为此,我使用此代码
User loggedInUser = (User)SecurityContextHolder.getContext().getAuthentication().getPrincipal(); 但是在运行此代码时,我得到了classcastexception
java.lang.ClassCastException: org.springframework.security.core.userdetails.User cannot be cast to model.User
为了解决这个问题,我参考了这篇文章
最初我使用了CustomUserServiceDetails类
@Service("myUserDetailService") @Transactional public class CustomUserDetailsService implements UserDetailsService { private static final Logger logger = Logger.getLogger(CustomUserDetailsService.class); @Autowired private UserDAO userDAO; public UserDetails loadUserByUsername(String name) throws UsernameNotFoundException, DataAccessException { // returns the get(0) of the user list obtained from the db User domainUser = userDAO.getUser(name); logger.debug("User fetched from database in loadUserByUsername method " + domainUser); Set roles = domainUser.getRole(); logger.debug("role of the user" + roles); Set authorities = new HashSet(); for(Role role: roles){ authorities.add(new SimpleGrantedAuthority(role.getRole())); logger.debug("role" + role + " role.getRole()" + (role.getRole())); } boolean credentialNonExpired = true; return new org.springframework.security.core.userdetails.User(domainUser.getProfileName(), domainUser.getPassword(), domainUser.isAccountEnabled(), domainUser.isAccountNonExpired(), credentialNonExpired, domainUser.isAccountNonLocked(),authorities); } }
但在参考文章后,我从此处删除了GrantedAuthorities的设置并将其移至我的User类。 在我的User类中实现了spring-security UserDetails类
现在我的User类中有一个额外的属性
@Entity @Table(name = "user") public class User implements UserDetails { private Collection authorities;
用setMethod
public void setAuthorities(Set roles) { Set authorities = new HashSet(); for(Role role: roles){ authorities.add(new SimpleGrantedAuthority(role.getRole()));} }
答:我不知道如何将此属性映射到数据库。 现有的User表架构除了它甚至不是基本类型之外,不包含GrantedAuthority列。 我正在使用Hibernate进行对象映射。 任何人都可以建议我在控制器中获取用户类信息的正确方法吗?
B.我还考虑了扩展spring的User类并重载User类的构造函数的方法。 但是每当我在代码中的任何地方初始化我的用户时,我必须提供所有构造函数参数,这些参数根本不是很好。
修复了这个问题
解
创建了一个CustomUserDetail类,它实现了Spring的UserDetails接口。 注入我的模型User类。
public class CustomUserDetail implements UserDetails{ private static final long serialVersionUID = 1L; private User user; Set authorities=null; public User getUser() { return user; } public void setUser(User user) { this.user = user; } public Collection getAuthorities() { return authorities; } public void setAuthorities(Set authorities) { this.authorities=authorities; } public String getPassword() { return user.getPassword(); } public String getUsername() { return user.getProfileName(); } public boolean isAccountNonExpired() { return user.isAccountNonExpired(); } public boolean isAccountNonLocked() { return user.isAccountNonLocked(); } public boolean isCredentialsNonExpired() { return user.isCredentialsNonExpired(); } public boolean isEnabled() { return user.isAccountEnabled(); } }
CustomUserServiceDetails
public class CustomUserDetailsService implements UserDetailsService { @Autowired private UserDAO userDAO; public CustomUserDetail loadUserByUsername(String name) throws UsernameNotFoundException, DataAccessException { // returns the get(0) of the user list obtained from the db User domainUser = userDAO.getUser(name); Set roles = domainUser.getRole(); logger.debug("role of the user" + roles); Set authorities = new HashSet (); for(Role role: roles){ authorities.add(new SimpleGrantedAuthority(role.getRole())); logger.debug("role" + role + " role.getRole()" + (role.getRole())); } CustomUserDetail customUserDetail=new CustomUserDetail(); customUserDetail.setUser(domainUser); customUserDetail.setAuthorities(authorities); return customUserDetail; } }
在我的控制器方法中
CustomUserDetail myUserDetails = (CustomUserDetail) SecurityContextHolder.getContext().getAuthentication().getPrincipal(); Integer userId=myUserDetails.getUser().getUserId(); //Fetch the custom property in User class
而不是使用
User loggedInUser = (User)SecurityContextHolder.getContext().getAuthentication().getPrincipal();
试试这个
Authentication loggedInUser = SecurityContextHolder.getContext().getAuthentication(); String username = loggedInUser.getName();
参考文献: https : //www.mkyong.com/spring-security/get-current-logged-in-username-in-spring-security/
方法.getPrincipal()返回创建的对象,并在方法loadUserByUsername中返回它。
如果你想要一个用户,你必须在方法loadUserByUsername中返回一个User,而不是org.springframework.security.core.userdetails.User