如何从jdbc用户服务获取用户信息

如果要从数据库中加载完整的自定义用户对象,然后将其设置为 SecurityContextHolder / Session

首先根据数据库表创建一个简单的自定义用户实体

@Entity
@Table(name = "users")
public class SecurityUser implements Serializable{  

    /**
     * 
     */
    private static final long serialVersionUID = 1L;

    @Id
    @Column(name = "username", nullable = false, unique = true)
    private String username;

    @Column(name = "password", nullable = false)
    @NotNull
    private String password;

    @Column(name = "type", nullable = false)
    @NotNull
    private String type;

    @Column(name = "full_name", nullable = false)
    @NotNull
    private String fullName;

    @Column(name = "email", nullable = false)
    @NotNull
    private String email;

    //Gettters & Setters plus Default constructor
}

@Repository
public interface UserRepository extends JpaRepository<SecurityUser, Long> {
    SecurityUser findByUsername(String username);
}

为登录用户创建自定义用户对象,扩展Spring的 User

public class CurrentUser extends User {
    /**
     * 
     */
    private static final long serialVersionUID = 1L;
    private SecurityUser securityUser;

    public CurrentUser(SecurityUser securityUser) {
        super(securityUser.getUsername(), securityUser.getPassword(), AuthorityUtils.createAuthorityList(securityUser.getRole().toString()));
        this.securityUser = securityUser;
    }

    public SecurityUser getSecurityUser() {
        return securityUser;
    }

    public String getRole() {
        return securityUser.getRole();
    }
}

创建自定义用户详细信息服务

@Service
public class CurrentUserDetailsService implements UserDetailsService {

    @Autowired
    private UserRepository userService;

    @Autowired
    public CurrentUserDetailsService(UserRepository userService) {
        this.userService = userService;
    }

    public CurrentUserDetailsService() {

    }

    @Override
    public CurrentUser loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
        SecurityUser user = userService.findByUsername(username);
        return new CurrentUser(user);
    }
}

<bean id="myUserDetailsService"
  class="complete-path-to-serviceClasss.MyUserDetailsService"/>

<security:authentication-manager>
    <security:authentication-provider
      user-service-ref="myUserDetailsService" >
        <security:password-encoder ref="passwordEncoder">
        </security:password-encoder>
    </security:authentication-provider>
</security:authentication-manager>

现在,在任何地方,当用户登录时,如果您在下面的行中执行,它将为您提供 CurrentUser 包含所有数据的对象

CurrentUser user = SecurityContextHolder.getContext().getAuthentication().getPrincipal()

@RequestMapping(path="loggedInUser", method={RequestMethod.GET}, produces={MediaType.APPLICATION_JSON_UTF8_VALUE})
    @ResponseBody
    public User getLoggedInUser(Principal principal) throws SQLException{
        return database.getUser(principal.getName());
    }

或者,您可以使用返回用户名 principal.getName()