java.lang.ClassCastException:org.springframework.security.core.userdetails.User无法强制转换为model.User

Question

我在我的应用程序中使用Spring Security.我需要在我的应用程序的控制器中登录用户详细信息.

为此,我使用此代码

User loggedInUser = (User)SecurityContextHolder.getContext().getAuthentication().getPrincipal();

但是在运行此代码时,我得到了classcastexception

java.lang.ClassCastException: org.springframework.security.core.userdetails.User cannot be cast to model.User

为了解决这个问题,我参考了这篇文章

最初我使用了CustomUserServiceDetails类

@Service("myUserDetailService")
@Transactional
public class CustomUserDetailsService implements UserDetailsService {

    private static final Logger logger = Logger.getLogger(CustomUserDetailsService.class);

    @Autowired
    private UserDAO userDAO;

    public UserDetails loadUserByUsername(String name) throws UsernameNotFoundException, DataAccessException {
        // returns the get(0) of the user list obtained from the db
        User domainUser = userDAO.getUser(name);
        logger.debug("User fetched from database in loadUserByUsername method " + domainUser);

        Set<Role> roles = domainUser.getRole();
        logger.debug("role of the user" + roles);

        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
        for(Role role: roles){
            authorities.add(new SimpleGrantedAuthority(role.getRole()));
            logger.debug("role" + role + " role.getRole()" + (role.getRole()));
        }

        boolean credentialNonExpired = true;

        return new org.springframework.security.core.userdetails.User(domainUser.getProfileName(), domainUser.getPassword(), domainUser.isAccountEnabled(),
                domainUser.isAccountNonExpired(), credentialNonExpired, domainUser.isAccountNonLocked(),authorities);

    }

}

但在参考文章后,我从此处删除了GrantedAuthorities的设置并将其移至我的User类.在我的User类中实现了spring-security UserDetails类

现在我在User类中有一个额外的属性

@Entity
@Table(name = "user")
public class User implements UserDetails {
    private Collection<GrantedAuthority> authorities;

用setMethod

public void setAuthorities(Set<Role> roles) {
        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
        for(Role role: roles){
            authorities.add(new SimpleGrantedAuthority(role.getRole()));}
    }

答:我不知道如何将此属性映射到数据库.现有的User表架构除了它甚至不是基本类型外,不包含GrantedAuthority列.我正在使用Hibernate进行对象映射.任何人都可以建议我在控制器中获取用户类信息的正确方法吗？

B.我还考虑了扩展spring的User类并重载User类的构造函数的方法.但是每当我在代码中的任何地方初始化我的用户时,我必须提供所有构造函数参数,这些参数根本不是很好.

Answer 1

修复了这个问题

解

创建了一个CustomUserDetail类,它实现了Spring的UserDetails接口.将我的模型User类注入其中.

public class CustomUserDetail implements UserDetails{

    private static final long serialVersionUID = 1L;
    private User user;

    Set<GrantedAuthority> authorities=null;

    public User getUser() {
        return user;
    }

    public void setUser(User user) {
        this.user = user;
    }

    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorities;
    }

    public void setAuthorities(Set<GrantedAuthority> authorities)
    {
        this.authorities=authorities;
    }

    public String getPassword() {
        return user.getPassword();
    }

    public String getUsername() {
        return user.getProfileName();
    }

    public boolean isAccountNonExpired() {
        return user.isAccountNonExpired();
    }

    public boolean isAccountNonLocked() {
        return user.isAccountNonLocked();
    }

    public boolean isCredentialsNonExpired() {
        return user.isCredentialsNonExpired();
    }

    public boolean isEnabled() {
        return user.isAccountEnabled();
    }

}

CustomUserServiceDetails

public class CustomUserDetailsService implements UserDetailsService {

    @Autowired
    private UserDAO userDAO;

    public CustomUserDetail loadUserByUsername(String name) throws UsernameNotFoundException, DataAccessException {
        // returns the get(0) of the user list obtained from the db
        User domainUser = userDAO.getUser(name);


        Set<Role> roles = domainUser.getRole();
        logger.debug("role of the user" + roles);

        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
        for(Role role: roles){
            authorities.add(new SimpleGrantedAuthority(role.getRole()));
            logger.debug("role" + role + " role.getRole()" + (role.getRole()));
        }

        CustomUserDetail customUserDetail=new CustomUserDetail();
        customUserDetail.setUser(domainUser);
        customUserDetail.setAuthorities(authorities);

        return customUserDetail;

    }

}

在我的控制器方法中

CustomUserDetail myUserDetails = (CustomUserDetail) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        Integer userId=myUserDetails.getUser().getUserId(); //Fetch the custom property in User class

Answer 2

而不是使用

User loggedInUser = (User)SecurityContextHolder.getContext().getAuthentication().getPrincipal();

试试这个

Authentication loggedInUser = SecurityContextHolder.getContext().getAuthentication();
String username = loggedInUser.getName();

参考文献:https: //www.mkyong.com/spring-security/get-current-logged-in-username-in-spring-security/