get user is ok

1de6a7c2 · 杨伊博 · f594aecb · 1de6a7c2 · 1de6a7c2 · 1de6a7c2
Commit 1de6a7c2 authored Mar 02, 2017 by 杨伊博
3 changed files
--- a/springboot-springSecurity2/src/main/java/com/us/example/controller/LoginController.java
+++ b/springboot-springSecurity2/src/main/java/com/us/example/controller/LoginController.java
 package com.us.example.controller;
-import com.us.example.dao.UserDao;
+import com.us.example.domain.SysUser;
-import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.userdetails.User;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
-import javax.servlet.http.HttpServletRequest;
 /**
 * Created by yangyibo on 17/3/1.
 */
 @RestController
 public class LoginController {
-    @Autowired
-    UserDao userDao;
    @RequestMapping(value = "/login")
    @ResponseBody
    //用户名密码是用base64 加密 原文为 admin:admin 即 用户名:密码  内容是放在request.getHeader 的 "authorization" 中
-    public Object login(HttpServletRequest request, @RequestParam(name = "logout", required = false) String logout) {
+    public Object login(@AuthenticationPrincipal SysUser loginedUser, @RequestParam(name = "logout", required = false) String logout) {
        if (logout != null) {
            return null;
        }
-        SecurityContext sc = (SecurityContext) request.getSession().getAttribute("SPRING_SECURITY_CONTEXT");
+        if (loginedUser != null) {
-        User user = (User) sc.getAuthentication().getPrincipal();
+            return loginedUser;
-        return  userDao.findByUserName(user.getUsername());
+        }
+        return null;
    }
 }
--- a/springboot-springSecurity2/src/main/java/com/us/example/domain/SysUser.java
+++ b/springboot-springSecurity2/src/main/java/com/us/example/domain/SysUser.java
 package com.us.example.domain;
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import java.util.Collection;
 import java.util.List;
 /**
 * Created by yangyibo on 17/1/17.
 */
-public class SysUser {
+public class SysUser implements UserDetails {  // implements UserDetails 用于登录时 @AuthenticationPrincipal 标签取值
    private Integer id;
    private String username;
+    @JsonIgnore
    private String password;
    private List<SysRole> roles;
+    private List<? extends GrantedAuthority> authorities;
    public Integer getId() {
        return id;
@@ -45,4 +52,35 @@ public class SysUser {
        this.roles = roles;
    }
+    @JsonIgnore
+    @Override
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+    @JsonIgnore
+    @Override
+    public boolean isAccountNonLocked() {
+        return true;
+    }
+    @JsonIgnore
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
+    @JsonIgnore
+    @Override
+    public boolean isEnabled() {
+        return true;
+    }
+    @JsonIgnore
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return authorities;
+    }
+    public void setGrantedAuthorities(List<? extends GrantedAuthority> authorities) {
+        this.authorities = authorities;
+    }
 }
--- a/springboot-springSecurity2/src/main/java/com/us/example/security/CustomUserService.java
+++ b/springboot-springSecurity2/src/main/java/com/us/example/security/CustomUserService.java
@@ -3,6 +3,7 @@ package com.us.example.security;
 import com.us.example.dao.UserDao;
 import com.us.example.domain.SysRole;
 import com.us.example.domain.SysUser;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -21,6 +22,7 @@ public class CustomUserService implements UserDetailsService { //自定义UserDe
    @Autowired
    UserDao userDao;
+    private static final org.slf4j.Logger logger = LoggerFactory.getLogger(CustomUserService.class);
    @Override
    public UserDetails loadUserByUsername(String username) { //重写loadUserByUsername 方法获得 userdetails 类型用户
@@ -34,11 +36,10 @@ public class CustomUserService implements UserDetailsService { //自定义UserDe
        for(SysRole role:user.getRoles())
        {
            authorities.add(new SimpleGrantedAuthority(role.getName()));
-            System.out.println(role.getName());
+            logger.info("loadUserByUsername: " + user);
        }
-        return new org.springframework.security.core.userdetails.User(user.getUsername(),
+        user.setGrantedAuthorities(authorities); //用于登录时 @AuthenticationPrincipal 标签取值
-                user.getPassword(), authorities);
+        return user;
    }
 }