Ich habe diesen Controller, in dem ich die mit dem aktuell authentifizierten Benutzer zugeordneten Postinformationen speichere: < /p>
Code: Select all
@PostMapping("/create")
public String processPost(
@CurrentUser User activeUser,
@ModelAttribute @Valid Post post,
Errors errors){
if(errors.hasErrors()){
return "admin/post/create";
}
User user2 = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
logger.info("Información del usuario mediate @CurrentUser: " + activeUser.toString());
logger.info("Información del usuario mediate SecurityContextHolder: " + user2.toString());
post.setAuthor(activeUser);
postService.create(post);
return "redirect:/admin/posts/all";
}
< /code>
@CurrentUser
Definition ist hier:
Code: Select all
package services.security;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
/**
*
* @author sergio
*/
@Target({ElementType.PARAMETER, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
@AuthenticationPrincipal
public @interface CurrentUser {}
< /code>
When the controller is executed the user obtained by @AuthenticationPrincipal
ist leer und der von SecurityContextHolder erhalten alle Informationen:
Code: Select all
2016-12-10 19:37:52 INFO PostController:62 - Información del usuario mediate @CurrentUser: User{id=null, username=null, passwordClear=null, confirmPassword=null, password=null, email=null, enabled=true, fullName=null, posts=[]}
2016-12-10 19:37:52 INFO PostController:63 - Información del usuario mediate SecurityContextHolder: User{id=1, username=sergio11, passwordClear=null, confirmPassword=null, password=$2a$10$LJvYTNacIvqZWDQWjF7xaeheK1MrF.FkXxovb2QgcF2CMudA1mM/., [email protected], enabled=true, fullName=Sergio Sánchez Sánchez, posts=[]}
< /code>
As I understand using @EnableWebSecurity
aktiviert im Kontext das Resolver -Argument für die @AuthenticationPrincipal
Meine Konfiguration der Spring Security ist Folgendes:
package config.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import services.security.CustomUserDetailsService;
/**
*
* @author sergio
*/
@Configuration
@EnableWebSecurity
@ComponentScan(basePackageClasses = CustomUserDetailsService.class)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private DefaultAuthenticationEventPublisher defaultAuthenticationEventPublisher;
@Bean
public PasswordEncoder passwordEncoder() {
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.authenticationEventPublisher(defaultAuthenticationEventPublisher)
.userDetailsService(userDetailsService)
.passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/admin/signup").anonymous()
.antMatchers("/admin/**").authenticated()
.anyRequest().permitAll()
.and()
.formLogin().loginPage("/admin/login").permitAll()
.usernameParameter("username").passwordParameter("password")
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/admin/logout"))
.logoutSuccessUrl("/admin/login?logout")
.and()
.exceptionHandling().accessDeniedPage("/403")
.and()
.csrf();
}
@Bean
public DefaultAuthenticationEventPublisher authenticationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
}
}
< /code>
I am using
Spring Security 4.2.0.RELEASE
thanks
Ich habe diesen Controller, in dem ich die mit dem aktuell authentifizierten Benutzer zugeordneten Postinformationen speichere: < /p>
[code]@PostMapping("/create")
public String processPost(
@CurrentUser User activeUser,
@ModelAttribute @Valid Post post,
Errors errors){
if(errors.hasErrors()){
return "admin/post/create";
}
User user2 = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
logger.info("Información del usuario mediate @CurrentUser: " + activeUser.toString());
logger.info("Información del usuario mediate SecurityContextHolder: " + user2.toString());
post.setAuthor(activeUser);
postService.create(post);
return "redirect:/admin/posts/all";
}
< /code>
@CurrentUser[/code] Definition ist hier:
[code]package services.security;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
/**
*
* @author sergio
*/
@Target({ElementType.PARAMETER, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
@AuthenticationPrincipal
public @interface CurrentUser {}
< /code>
When the controller is executed the user obtained by @AuthenticationPrincipal[/code] ist leer und der von SecurityContextHolder erhalten alle Informationen:
[code]2016-12-10 19:37:52 INFO PostController:62 - Información del usuario mediate @CurrentUser: User{id=null, username=null, passwordClear=null, confirmPassword=null, password=null, email=null, enabled=true, fullName=null, posts=[]}
2016-12-10 19:37:52 INFO PostController:63 - Información del usuario mediate SecurityContextHolder: User{id=1, username=sergio11, passwordClear=null, confirmPassword=null, password=$2a$10$LJvYTNacIvqZWDQWjF7xaeheK1MrF.FkXxovb2QgcF2CMudA1mM/.,
[email protected], enabled=true, fullName=Sergio Sánchez Sánchez, posts=[]}
< /code>
As I understand using @EnableWebSecurity[/code] aktiviert im Kontext das Resolver -Argument für die @AuthenticationPrincipal
Meine Konfiguration der Spring Security ist Folgendes:
package config.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import services.security.CustomUserDetailsService;
/**
*
* @author sergio
*/
@Configuration
@EnableWebSecurity
@ComponentScan(basePackageClasses = CustomUserDetailsService.class)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Autowired
private DefaultAuthenticationEventPublisher defaultAuthenticationEventPublisher;
@Bean
public PasswordEncoder passwordEncoder() {
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.authenticationEventPublisher(defaultAuthenticationEventPublisher)
.userDetailsService(userDetailsService)
.passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/admin/signup").anonymous()
.antMatchers("/admin/**").authenticated()
.anyRequest().permitAll()
.and()
.formLogin().loginPage("/admin/login").permitAll()
.usernameParameter("username").passwordParameter("password")
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/admin/logout"))
.logoutSuccessUrl("/admin/login?logout")
.and()
.exceptionHandling().accessDeniedPage("/403")
.and()
.csrf();
}
@Bean
public DefaultAuthenticationEventPublisher authenticationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
}
}
< /code>
I am using [b]Spring Security 4.2.0.RELEASE[/b]
thanks :)
Mobile version