英文:
Spring security Principal won't work with @PostConstruct
问题
以下是您要翻译的内容:
我有一个包含此函数的托管Bean,该函数返回已登录用户的用户名:
public String getConnectedUser() {
SecurityContext context = SecurityContextHolder.getContext();
Authentication authentication = context.getAuthentication();
if (authentication == null)
return null;
Object principal = authentication.getPrincipal();
if (principal instanceof UserDetails) {
return ((UserDetails) principal).getUsername();
} else {
return principal.toString();
}
}
我想使用从Spring Security获取的用户名从我的DAO中获取用户。当我在@PostConstruct方法中调用它时,它不返回任何内容。
@PostConstruct
public void init() {
user = utilisateurService.getUtilisateurByLogin(getConnectedUser());
}
但是当我在JSF中调用它时,它会显示正确的已登录用户名:
<h:outputText value="Logged as : #{testMB.getConnectedUser()}" />
总结:使用init函数在视图中我得不到任何内容,但在JSF调用中我得到了用户名,有人可以帮助我吗?
编辑:我运行了一些测试,结果显示认证为null,尽管我已登录。
英文:
I have a managedbean which contains this function that returns the username of the logged in user:
public String getConnectedUser( ){
SecurityContext context = SecurityContextHolder.getContext();
Authentication authentication = context.getAuthentication();
if (authentication == null)
return null;
Object principal = authentication.getPrincipal();
if (principal instanceof UserDetails) {
return ((UserDetails) principal).getUsername();
} else {
return principal.toString();
}
I want to get the user with my DAO using the username I get from spring security.
When I call it inside the @PostConstruct method it doesn't return anything.
@PostConstruct
public void init() {
user = utilisateurService.getUtilisateurByLogin( getConnectedUser());
but when I call it in JSF, it shows me the correct logged in username:
<h:outputText
value="Logged as : #{testMB.getConnectedUser()}" />
in conclusion : with Init function I get nothing in the view , with the JSF call I get the username, can someone help me out?
EDIT : i run some tests and it appears that the authentication is null , even tho i'm logged in
答案1
得分: 1
我认为在PostConstruct中不可用Spring Security principal是有道理的。
在DAO的PostConstruct中,会在应用程序启动时调用。那时,没有已登录的用户。但是,当您浏览JSF页面时,您可能已经登录,这就是为什么在那里Principal可用的原因。
当您访问应用程序URL时,Spring Security过滤器链将被调用。
我建议您在常规DAO方法调用期间调用此方法。如果您已登录,那么Principal应该是可用的。
@Repository
public class SomeDao
{
public String someDaoMethod() {
getConnectedUser();
// 其他操作...
}
private String getConnectedUser() {
SecurityContext context = SecurityContextHolder.getContext();
Authentication authentication = context.getAuthentication();
if (authentication == null)
return null;
Object principal = authentication.getPrincipal();
if (principal instanceof UserDetails) {
return ((UserDetails) principal).getUsername();
} else {
return principal.toString();
}
}
}
英文:
I think it makes sense that Spring Security principal is not available in PostConstruct.
PostConstruct on DAO would have been called at the time of application startup. At that time, there would be no logged in user. But, when you browse through a JSF page, there you might have logged in and that's why Principal is available there.
Spring Security Filter chain will get invoked when you visit application url.
I suggest you to call this method during your regular DAO method calls. If you are logged in, then Principal should be available.
@Repository
public class SomeDao
{
public String someDaoMethod() {
getConnectedUser();
....
}
private String getConnectedUser( ){
SecurityContext context = SecurityContextHolder.getContext();
Authentication authentication = context.getAuthentication();
if (authentication == null)
return null;
Object principal = authentication.getPrincipal();
if (principal instanceof UserDetails) {
return ((UserDetails) principal).getUsername();
} else {
return principal.toString();
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论