SecurityContextHolder.getContext().getAuthentication().getPrincipal() returns the username instead of UserDetails
2022-06-11 22:34:00 【单筱风】
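1. Problem introduction
While using Spring Security + JWT for authentication and authorization, I use the annotation below to check whether the user has method-level permission for an operation:
    @PreAuthorize("@el.check('system:user:query')")
However, when I used the method below to get the currently logged-in user, I got only the username, not a UserDetails object.
    SecurityContextHolder.getContext().getAuthentication().getPrincipal()
2. Approach to the solution
Check whether the Authentication auth is saved after a successful login.
The print statement has since been removed, but during testing auth could be printed, and it contained the UserDetails.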
    @Override
    protected void successfulAuthentication(HttpServletRequest req, HttpServletResponse res, FilterChain chain,
                                            Authentication auth) throws IOException, ServletException {
        // At login time the principal is the full SecurityUser (a UserDetails)
        SecurityUser user = (SecurityUser) auth.getPrincipal();
        String token = tokenManager.createToken(user.getCurrentUserInfo().getAccount());
        SecurityContextHolder.getContext().setAuthentication(auth);
        // Cache the user in Redis under the account name so the token filter can look it up later
        redisUtil.set(user.getCurrentUserInfo().getAccount(), user, GlobalConstant.REDIS_SAVE_TIME);
        log.info(" 3.登录成功保存用户达到redis并返回token==" + token);
        ResponseUtil.out(res, ResultJson.ok().data(GlobalConstant.ACCESS_TOKEN, token));
    }
In the code below, however, .getAuthentication().getPrincipal() returned the username, which caused the authorization check to fail.
    /**
     * Get the currently logged-in user.
     * @return UserDetails
     */
    public static UserDetails getCurrentUser() {
        final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            throw new BizException(CommonEnum.STATUS_EXPIRED);
        }
        // Only a UserDetails principal is accepted; a String username falls through to the exception
        if (authentication.getPrincipal() instanceof UserDetails) {
            UserDetails userDetails = (UserDetails) authentication.getPrincipal();
            UserDetailsService userDetailsService = SpringContextHolder.getBean(UserDetailsService.class);
            return userDetailsService.loadUserByUsername(userDetails.getUsername());
        }
        throw new BizException(CommonEnum.NOT_FIND_LOGIN_INFORMATION);
    }
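Later I found that the login authorization itself was fine; the error occurred when a request carrying the token was being authorized. Because I had written the token-checking filter myself, I went over the code repeatedly and finally found the problem: user.getUsername()
    logger.info("4.更具token访问授权==" + user.getAuthorities());
    return new UsernamePasswordAuthenticationToken(user.getUsername(), null, user.getAuthorities());
Change it to
    return new UsernamePasswordAuthenticationToken(user, null, user.getAuthorities());
and it works correctly.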
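
The difference between the two constructor calls above, as an added example that is not code from the original post: it builds the token both ways and runs the same instanceof check that getCurrentUser() relies on. It assumes spring-security-core on the classpath; the class PrincipalTypeDemo, the helpers currentUserDetails and authenticateAs, and the sample user "alice" are hypothetical and constructed for illustration.

```java
import java.util.Optional;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

public class PrincipalTypeDemo {

    // Hypothetical helper: yields the principal only when it really is a UserDetails.
    static Optional<UserDetails> currentUserDetails() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            return Optional.empty();
        }
        Object principal = auth.getPrincipal();
        // getPrincipal() returns exactly the object the filter passed as the first
        // constructor argument, so a bare String username ends up in the empty branch.
        return principal instanceof UserDetails
                ? Optional.of((UserDetails) principal)
                : Optional.empty();
    }

    // Stands in for the last step of a token filter, after the JWT has been validated.
    static void authenticateAs(Object principal, UserDetails user) {
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(principal, null, user.getAuthorities()));
    }

    public static void main(String[] args) {
        // Constructed sample user; the password value is a placeholder, not a real hash.
        UserDetails user = new User("alice", "{noop}placeholder",
                AuthorityUtils.createAuthorityList("system:user:query"));

        // Before the fix: the principal is a String, so the UserDetails lookup is empty.
        authenticateAs(user.getUsername(), user);
        System.out.println("String principal -> UserDetails present: "
                + currentUserDetails().isPresent());

        // After the fix: the principal is the UserDetails object itself.
        authenticateAs(user, user);
        System.out.println("UserDetails principal -> UserDetails present: "
                + currentUserDetails().isPresent());

        // getName() resolves to the username in both cases, which can hide the difference.
        System.out.println(SecurityContextHolder.getContext().getAuthentication().getName());
        SecurityContextHolder.clearContext();
    }
}
```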