如果我正确理解你的问题,我可以建议下一步。
首先,您必须实现包含用户信息的类。这个类必须继承自org.springframework.security.core.userdetails.User
:
public class CustomUserDetails extends User {
public CustomUserDetails(String username, String password,
Collection<? extends GrantedAuthority> authorities) {
super(username, password, authorities);
}
//for example lets add some person data
private String firstName;
private String lastName;
//getters and setters
}
下一步,您已经创建了自己的接口实现org.springframework.security.core.userdetails.UserDetailsService
:
@Service
public class CustomUserDetailService implements UserDetailsService{
@Override
public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException{
if(StringUtils.isEmpty(userName))
throw new UsernameNotFoundException("User name is empty");
//if you don't use authority based security, just add empty set
Set<GrantedAuthority> authorities = new HashSet<>();
CustomUserDetails userDetails = new CustomUserDetails(userName, "", authorities);
//here you can load user's data from DB or from
//any other source and do:
//userDetails.setFirstName(firstName);
//userDetails.setLastName(lastName);
return userDetails;
}
}
如您所见,此类只有一种方法,您可以在其中加载和设置自定义用户详细信息。请注意,我用以下标记标记了该类@Service
注解。但您可以在 Java 配置或 XML 上下文中注册它。
现在,要在成功身份验证后访问您的用户数据,您可以使用下一种方法,此时 Spring 将自动在控制器的方法中传递主体:
@Controller
public class MyController{
@RequestMapping("/mapping")
public String myMethod(Principal principal, ModelMap model){
CustomUserDetails userDetails = (CustomUserDetails)principal;
model.addAttribute("firstName", userDetails.getFirstName());
model.addAttribute("lastName", userDetails.getLastName());
}
}
或者另一种方式:
@Controller
public class MyController{
@RequestMapping("/mapping")
public String myMethod(ModelMap model){
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
CustomUserDetails userDetails = (CustomUserDetails)auth.getPrincipal();
model.addAttribute("firstName", userDetails.getFirstName());
model.addAttribute("lastName", userDetails.getLastName());
}
}
这个方法可以用在其他Spring不自动传递principal的地方。
要在身份验证成功后转到特定地址,您可以使用SimpleUrlAuthenticationSuccessHandler
。只需在您的配置中创建它:
@Bean
public SavedRequestAwareAuthenticationSuccessHandler successHandler() {
SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
successHandler.setTargetUrlParameter("/succeslogin");
return successHandler;
}
并在您的配置中使用它:
http.formLogin()
.loginProcessingUrl("/login")
.permitAll()
.usernameParameter("email")
.passwordParameter("pass")
.successHandler(successHandler())
之后您可以创建控制器,它将从指定的 url 发送响应:
@Controller
@RequestMapping("/sucesslogin")
public class SuccessLoginController{
@RequestMapping(method = RequestMethod.POST)
public String index(ModelMap model, Principal principal){
//here you can return view with response
}
}
当然,您不仅可以返回视图,还可以返回 JSON 响应(使用@ResponseBody
注解),或者其他什么,取决于你的前端。
希望这会有所帮助。