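We have a login page where the user enters their credentials; internally it calls an authentication service, and the token it returns needs to be stored and passed to all REST controllers. I tried configuring the bean scope inside this class, but I get the exception below. We are using Spring 5.x.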

    com.config.CustomAuthenticationProvider sessionScopedBean CustomAuthenticationProvider UserDetails !!! null
    Jun 20, 2020 11:52:37 AM org.apache.catalina.core.StandardWrapperValve invoke
    java.lang.ClassCastException: org.springframework.beans.factory.support.NullBean cannot be cast to com.utils.UserDetails

    @Component
    public class CustomAuthenticationProvider implements AuthenticationProvider {

        private Logger logger = Logger.getLogger(getClass().getName());
        private UserDetails userDetails;

        @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            String userName = authentication.getName();
            String passWord = authentication.getCredentials().toString();
            Result response;
            try {
                response = CustomClient.authenticate(userName, passWord);
            } catch (Exception e) {
                throw new BadCredentialsException("system authentication failed");
            }
            if (response != null && response.getToken() != null) {
                //need to store this response.getToken() in session
                logger.info("Token: " + response.getToken());
                userDetails = new UserDetails();
                userDetails.setToken(response.getToken());
                logger.info("Authentication SUCCESS !!!");
                return new UsernamePasswordAuthenticationToken(userName, passWord, Collections.emptyList());
            } else {
                logger.info("Authentication FAILED...");
                throw new BadCredentialsException("authentication failed");
            }
        }

        @Bean
        @Scope(value = WebApplicationContext.SCOPE_SESSION, proxyMode = ScopedProxyMode.TARGET_CLASS)
        public UserDetails sessionScopedBean() {
            logger.info(" UserDetails !!!" + userDetails);
            return userDetails;
        }

        @Override
        public boolean supports(Class<?> auth) {
            return auth.equals(UsernamePasswordAuthenticationToken.class);
        }
    }

Why do you want to create a session-scoped UserDetails bean in the first place? You can achieve this by doing the following:

    @GetMapping("/abc")
    public void getUserProfile(@AuthenticationPrincipal UserDetails user) {
        ...
    }

or

    @GetMapping("/abc")
    public void getUserProfile() {
        SecurityContext securityContext = SecurityContextHolder.getContext();
        UserDetails user = (UserDetails) securityContext.getAuthentication().getPrincipal();
    }

Note: Behind the scenes, Spring uses HttpSessionSecurityContextRepository to store your SecurityContext in the HTTP session and restore it on every request.

And the updated CustomAuthenticationProvider:
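
    package com.config;

    import java.util.Collections;
    import java.util.logging.Logger; // assumed: java.util.logging, matching the log format above

    import org.springframework.security.authentication.AuthenticationProvider;
    import org.springframework.security.authentication.BadCredentialsException;
    import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.stereotype.Component;

    import com.utils.UserDetails;
    // CustomClient and Result are the application's own classes; import them from their packages.

    @Component
    public class CustomAuthenticationProvider implements AuthenticationProvider {

        private Logger logger = Logger.getLogger(getClass().getName());

        @Override
        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            String userName = authentication.getName();
            String passWord = authentication.getCredentials().toString();
            Result response;
            try {
                response = CustomClient.authenticate(userName, passWord);
            } catch (Exception e) {
                throw new BadCredentialsException("system authentication failed");
            }
            if (response != null && response.getToken() != null) {
                //need to store this response.getToken() in session
                // The token is a credential; this line writes it to the application log.
                logger.info("Token: " + response.getToken());
                // Local variable, not a field: the provider is a singleton shared by all users.
                UserDetails userDetails = new UserDetails();
                userDetails.setToken(response.getToken());
                logger.info("Authentication SUCCESS !!!");
                // userDetails becomes the principal, so it is kept with the SecurityContext.
                return new UsernamePasswordAuthenticationToken(userDetails, passWord, Collections.emptyList());
            } else {
                logger.info("Authentication FAILED...");
                throw new BadCredentialsException("authentication failed");
            }
        }

        @Override
        public boolean supports(Class<?> auth) {
            return auth.equals(UsernamePasswordAuthenticationToken.class);
        }
    }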
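
Added example, not part of the original answer: the direct cast in the second controller snippet throws when the request carries no authentication (`getAuthentication()` returns null) or an anonymous one (the principal is then the string "anonymousUser"), so a null-safe lookup is shown here. It assumes spring-security-core on the classpath; `CurrentTokenDemo`, `currentToken()` and the nested `UserDetails` stand-in are hypothetical names, and all sample values are constructed.

```java
import java.util.Collections;
import java.util.Optional;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;

public class CurrentTokenDemo {

    // Stand-in for the page's com.utils.UserDetails (constructed for this example).
    static class UserDetails {
        private String token;
        void setToken(String token) { this.token = token; }
        String getToken() { return token; }
    }

    // Hypothetical helper: yields the token only if the principal is our UserDetails.
    static Optional<String> currentToken() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            return Optional.empty();               // no login on this request
        }
        Object principal = auth.getPrincipal();
        if (!(principal instanceof UserDetails)) {
            return Optional.empty();               // e.g. the String "anonymousUser"
        }
        return Optional.ofNullable(((UserDetails) principal).getToken());
    }

    public static void main(String[] args) {
        System.out.println("no authentication: " + currentToken().isPresent());

        SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken(
                "constructed-key", "anonymousUser",
                AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
        System.out.println("anonymous:         " + currentToken().isPresent());

        UserDetails details = new UserDetails();
        details.setToken("constructed-sample-token");
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(details, null, Collections.emptyList()));
        System.out.println("after login:       " + currentToken().isPresent());

        SecurityContextHolder.clearContext();      // do not leave the context on this thread
    }
}
```

Only the last case reports a token; a controller can map an empty result to a 401 response instead of letting the cast fail.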