Menu
I have implemented user authentication through Spring Security Framework and everything works fine. I can log in and log out, I can get logged user name for example like this:
String userName = ((UserDetails) auth.getPrincipal()).getUsername();
Now i want to get user like an object from database(i need user id and other user properties).
This how i have tried so far:
User user = (User)SecurityContextHolder.getContext().getAuthentication().getPrincipal();
Thereafter i got following exception:
Request processing failed; nested exception is java.lang.ClassCastException: org.springframework.security.core.userdetails.User cannot be cast to net.viralpatel.contact.model.User
Here is a question - how can i get User as object, how should i modify my classes UserDetailsServiceImpl and UserAssembler, any ideas?
@Component
@Transactional
public class UserDetailsServiceImpl implements UserDetailsService{
@Autowired
private UserDAO userDAO;
@Autowired
private UserAssembler userAssembler;
private static final Logger logger = LoggerFactory.getLogger(UserDetailsServiceImpl.class);
@Transactional(readOnly = true)
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
User user = userDAO.findByEmail(username);
if(null == user) throw new UsernameNotFoundException("User not found");
return userAssembler.buildUserFromUser(user);
}
}
And another one:
@Service("assembler")
public class UserAssembler {
@Autowired
private UserDAO userDAO;
@Transactional(readOnly = true)
public User buildUserFromUser(net.viralpatel.contact.model.User user) {
String role = "ROLE_USER";//userEntityDAO.getRoleFromUserEntity(userEntity);
Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
authorities.add(new GrantedAuthorityImpl(role));
return new User(user.getLogin(), user.getPassword(), true, true, true, true, authorities);
}
}
359
In order to get the current username, you first need a SecurityContext , which is obtained from the SecurityContextHolder . This SecurityContext kepy the user details in an Authentication object, which can be obtained by calling the getAuthentication() method.
The HttpServletRequest.getUserPrincipal() will return the result of SecurityContextHolder.getContext().getAuthentication() . This means it is an Authentication which is typically an instance of UsernamePasswordAuthenticationToken when using username and password based authentication.
Essentially, you need to return an implementation of UserDetails that provides access to your User.
You have two options:
Add your User as a field (you can do it be extending org.springframework.security.core.userdetails.User):
public class UserPrincipal extends org.springframework.security.core.userdetails.User {
private final User user;
...
}
and obtain a User from that field:
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
User user = ((UserPrincipal) principal).getUser();
Create a class that extends your User and implements UserDetails:
public class UserPrincipal extends User implements UserDetails {
...
public UserPrincipal(User user) {
// copy fields from user
}
}
This approach allows you to cast the principal to User directly:
User user = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
