SecurityContextHolder.getContext().getAuthentication().getPrincipal() gets username instead of UserDetails
2022-06-11 22:36:00 【Shan Xiaofeng】
1. Problem introduction
I am using Spring Security + JWT for permission authentication, with this annotation:
@PreAuthorize("@el.check('system:user:query')")
The annotation above determines whether the user has method-level operation permission. However, when using the method below to obtain the currently logged-in user, only the user name is returned instead of a UserDetails object.
SecurityContextHolder.getContext().getAuthentication().getPrincipal()
2. Solutions
Check whether the Authentication auth is saved after a successful login.
Although the print statement has since been deleted, in testing auth could be printed and it included the UserDetails.
@Override
protected void successfulAuthentication(HttpServletRequest req, HttpServletResponse res, FilterChain chain,
                                        Authentication auth) throws IOException, ServletException {
    // At login the principal is the full SecurityUser object, not just a name
    SecurityUser user = (SecurityUser) auth.getPrincipal();
    String token = tokenManager.createToken(user.getCurrentUserInfo().getAccount());
    SecurityContextHolder.getContext().setAuthentication(auth);
    // Cache the user in Redis under the account name
    redisUtil.set(user.getCurrentUserInfo().getAccount(), user, GlobalConstant.REDIS_SAVE_TIME);
    log.info(" 3. Login successfully saved the user to redis And back to token==" + token);
    ResponseUtil.out(res, ResultJson.ok().data(GlobalConstant.ACCESS_TOKEN, token));
}
But in the code below, .getAuthentication().getPrincipal() returns the username, which causes the authentication problem.
/**
 * Get the current login user
 * @return UserDetails
 */
public static UserDetails getCurrentUser() {
    final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        throw new BizException(CommonEnum.STATUS_EXPIRED);
    }
    if (authentication.getPrincipal() instanceof UserDetails) {
        UserDetails userDetails = (UserDetails) authentication.getPrincipal();
        UserDetailsService userDetailsService = SpringContextHolder.getBean(UserDetailsService.class);
        return userDetailsService.loadUserByUsername(userDetails.getUsername());
    }
    throw new BizException(CommonEnum.NOT_FIND_LOGIN_INFORMATION);
}
Later, I found that there was no problem with the login authorization, but it went wrong when a request carrying the token came in to be authenticated. Because I wrote the token validation filter myself, I checked the code again and again and finally found the problem: user.getUsername()
logger.info("4. More token Access authorization ==" + user.getAuthorities());
return new UsernamePasswordAuthenticationToken(user.getUsername(), null, user.getAuthorities());
Change it to:
return new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
After that it works correctly.
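The difference between the two constructor calls, as an added example that is not code from the original post: whatever object the token filter passes as the first argument is exactly what getPrincipal() returns later. It uses only spring-security-core classes; the class name PrincipalTypeDemo, the helper currentUser() and the user "alice" are constructed for illustration.

```java
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

import java.util.Optional;

// Added example (hypothetical class); needs spring-security-core on the classpath.
public class PrincipalTypeDemo {

    // Same instanceof check as getCurrentUser() in the post, without the reload step.
    static Optional<UserDetails> currentUser() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth != null && auth.getPrincipal() instanceof UserDetails) {
            return Optional.of((UserDetails) auth.getPrincipal());
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample user standing in for the object the token filter resolves.
        UserDetails user = User.withUsername("alice")
                .password("{noop}unused")
                .authorities("system:user:query")
                .build();

        // Before the fix: the principal is a String, so the instanceof check fails
        // even though the authorities on the token are identical.
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(user.getUsername(), null, user.getAuthorities()));
        System.out.println("String principal resolved:      " + currentUser().isPresent());

        // After the fix: the principal is the UserDetails object itself.
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities()));
        System.out.println("UserDetails principal resolved: " + currentUser().isPresent());

        // getName() yields the username for either principal type, which is why
        // code that only reads the name does not notice the difference.
        System.out.println("getName(): " + SecurityContextHolder.getContext().getAuthentication().getName());

        SecurityContextHolder.clearContext();
    }
}
```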