get user is ok

527515025 · 527515025 · commit 1de6a7c22bf7 · 2017-03-02T09:45:38.000+08:00
diff --git a/springboot-springSecurity2/src/main/java/com/us/example/controller/LoginController.java b/springboot-springSecurity2/src/main/java/com/us/example/controller/LoginController.java
@@ -1,33 +1,29 @@
 package com.us.example.controller;
 
-import com.us.example.dao.UserDao;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.userdetails.User;
+import com.us.example.domain.SysUser;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 
-import javax.servlet.http.HttpServletRequest;
 
 /**
  * Created by yangyibo on 17/3/1.
  */
 @RestController
 public class LoginController {
-    @Autowired
-    UserDao userDao;
 
     @RequestMapping(value = "/login")
     @ResponseBody
     //用户名密码是用base64 加密 原文为 admin:admin 即 用户名:密码  内容是放在request.getHeader 的 "authorization" 中
-    public Object login(HttpServletRequest request, @RequestParam(name = "logout", required = false) String logout) {
+    public Object login(@AuthenticationPrincipal SysUser loginedUser, @RequestParam(name = "logout", required = false) String logout) {
         if (logout != null) {
             return null;
         }
-        SecurityContext sc = (SecurityContext) request.getSession().getAttribute("SPRING_SECURITY_CONTEXT");
-        User user = (User) sc.getAuthentication().getPrincipal();
-        return  userDao.findByUserName(user.getUsername());
+        if (loginedUser != null) {
+            return loginedUser;
+        }
+        return null;
     }
 }
diff --git a/springboot-springSecurity2/src/main/java/com/us/example/domain/SysUser.java b/springboot-springSecurity2/src/main/java/com/us/example/domain/SysUser.java
@@ -1,17 +1,24 @@
 package com.us.example.domain;
 
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.Collection;
 import java.util.List;
 
 /**
  * Created by yangyibo on 17/1/17.
  */
 
-public class SysUser {
+public class SysUser implements UserDetails {  // implements UserDetails 用于登录时 @AuthenticationPrincipal 标签取值
     private Integer id;
     private String username;
+    @JsonIgnore
     private String password;
-
     private List<SysRole> roles;
+    private List<? extends GrantedAuthority> authorities;
+
 
     public Integer getId() {
         return id;
@@ -45,4 +52,35 @@ public void setRoles(List<SysRole> roles) {
         this.roles = roles;
     }
 
+    @JsonIgnore
+    @Override
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+    @JsonIgnore
+    @Override
+    public boolean isAccountNonLocked() {
+        return true;
+    }
+    @JsonIgnore
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
+
+
+    @JsonIgnore
+    @Override
+    public boolean isEnabled() {
+        return true;
+    }
+    @JsonIgnore
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return authorities;
+    }
+    public void setGrantedAuthorities(List<? extends GrantedAuthority> authorities) {
+        this.authorities = authorities;
+    }
+
 }
diff --git a/springboot-springSecurity2/src/main/java/com/us/example/security/CustomUserService.java b/springboot-springSecurity2/src/main/java/com/us/example/security/CustomUserService.java
@@ -3,6 +3,7 @@
 import com.us.example.dao.UserDao;
 import com.us.example.domain.SysRole;
 import com.us.example.domain.SysUser;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -21,6 +22,7 @@ public class CustomUserService implements UserDetailsService { //自定义UserDe
 
     @Autowired
     UserDao userDao;
+    private static final org.slf4j.Logger logger = LoggerFactory.getLogger(CustomUserService.class);
 
     @Override
     public UserDetails loadUserByUsername(String username) { //重写loadUserByUsername 方法获得 userdetails 类型用户
@@ -34,11 +36,10 @@ public UserDetails loadUserByUsername(String username) { //重写loadUserByUsern
         for(SysRole role:user.getRoles())
         {
             authorities.add(new SimpleGrantedAuthority(role.getName()));
-            System.out.println(role.getName());
+            logger.info("loadUserByUsername: " + user);
         }
-        return new org.springframework.security.core.userdetails.User(user.getUsername(),
-                user.getPassword(), authorities);
-
+        user.setGrantedAuthorities(authorities); //用于登录时 @AuthenticationPrincipal 标签取值
+        return user;
     }
 
 }
