Spring Security Principal 在 @PostConstruct 中无法工作。

huangapple go评论80阅读模式
英文:

Spring security Principal won't work with @PostConstruct

问题

以下是您要翻译的内容:

我有一个包含此函数的托管Bean,该函数返回已登录用户的用户名:

public String getConnectedUser() {
    SecurityContext context = SecurityContextHolder.getContext();
    Authentication authentication = context.getAuthentication();
    if (authentication == null)
        return null;
    Object principal = authentication.getPrincipal();
    if (principal instanceof UserDetails) {
        return ((UserDetails) principal).getUsername();
    } else {
        return principal.toString();
    }
}

我想使用从Spring Security获取的用户名从我的DAO中获取用户。当我在@PostConstruct方法中调用它时,它不返回任何内容。

@PostConstruct
public void init() {
    user = utilisateurService.getUtilisateurByLogin(getConnectedUser());
}

但是当我在JSF中调用它时,它会显示正确的已登录用户名:

<h:outputText value="Logged as : #{testMB.getConnectedUser()}" />

总结:使用init函数在视图中我得不到任何内容,但在JSF调用中我得到了用户名,有人可以帮助我吗?

编辑:我运行了一些测试,结果显示认证为null,尽管我已登录。

英文:

I have a managedbean which contains this function that returns the username of the logged in user:

public String getConnectedUser( ){	
    SecurityContext context = SecurityContextHolder.getContext();
    Authentication authentication = context.getAuthentication();
    if (authentication == null)
        return null;
    Object principal = authentication.getPrincipal();
    if (principal instanceof UserDetails) {
        return ((UserDetails) principal).getUsername();
    } else {
        return principal.toString();
    }

I want to get the user with my DAO using the username I get from spring security.
When I call it inside the @PostConstruct method it doesn't return anything.

	@PostConstruct
public void init() {

user = utilisateurService.getUtilisateurByLogin( getConnectedUser());

but when I call it in JSF, it shows me the correct logged in username:

        &lt;h:outputText
            value=&quot;Logged as : #{testMB.getConnectedUser()}&quot; /&gt;

in conclusion : with Init function I get nothing in the view , with the JSF call I get the username, can someone help me out?

EDIT : i run some tests and it appears that the authentication is null , even tho i'm logged in

答案1

得分: 1

我认为在PostConstruct中不可用Spring Security principal是有道理的。

在DAO的PostConstruct中,会在应用程序启动时调用。那时,没有已登录的用户。但是,当您浏览JSF页面时,您可能已经登录,这就是为什么在那里Principal可用的原因。

当您访问应用程序URL时,Spring Security过滤器链将被调用。

我建议您在常规DAO方法调用期间调用此方法。如果您已登录,那么Principal应该是可用的。

@Repository
public class SomeDao
{
    public String someDaoMethod() {
        getConnectedUser();
        // 其他操作...
    }
    
    private String getConnectedUser() {  
        SecurityContext context = SecurityContextHolder.getContext();
        Authentication authentication = context.getAuthentication();
        if (authentication == null)
            return null;
        Object principal = authentication.getPrincipal();
        if (principal instanceof UserDetails) {
            return ((UserDetails) principal).getUsername();
        } else {
            return principal.toString();
        }
    }
}
英文:

I think it makes sense that Spring Security principal is not available in PostConstruct.

PostConstruct on DAO would have been called at the time of application startup. At that time, there would be no logged in user. But, when you browse through a JSF page, there you might have logged in and that's why Principal is available there.

Spring Security Filter chain will get invoked when you visit application url.

I suggest you to call this method during your regular DAO method calls. If you are logged in, then Principal should be available.

@Repository
public class SomeDao
{

public String someDaoMethod() {
  getConnectedUser();
  ....
}
private String getConnectedUser( ){  
    SecurityContext context = SecurityContextHolder.getContext();
    Authentication authentication = context.getAuthentication();
    if (authentication == null)
        return null;
    Object principal = authentication.getPrincipal();
    if (principal instanceof UserDetails) {
        return ((UserDetails) principal).getUsername();
    } else {
        return principal.toString();
    }

huangapple
  • 本文由 发表于 2020年8月13日 11:38:21
  • 转载请务必保留本文链接:https://go.coder-hub.com/63387796.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定