If you want to get information from SecurityContextHolder, you have to put it there first.
Here is the easiest solution for this:
- Get the auth token from the request, where your current logged-in user's info is present.
- Extract the logged-in user name from the JWT using some util method.
- Get the user details from the database using this user name.
- Finally, set this user info into the Spring Security context holder.
And you have to do this on every request, using an HTTP request filter (OncePerRequestFilter).
Like:
```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import com.madbarsoft.config.MyUserDetailsService;
import com.madbarsoft.utility.JwtUitl;

@Component
public class JwtRequestFilter extends OncePerRequestFilter {

    @Autowired
    private JwtUitl jwtUitl;

    @Autowired
    private MyUserDetailsService userDetailsService;

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
            throws ServletException, IOException {
        final String authorizationHeader = request.getHeader("Authorization");
        // Log only whether the header is present; the bearer token itself is a credential.
        System.out.println("Authorization Header present #: " + (authorizationHeader != null));

        String userName = null;
        String jwtStr = null;
        // Expect "Bearer <token>"; strip the 7-character prefix to get the JWT.
        if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
            jwtStr = authorizationHeader.substring(7);
            userName = jwtUitl.extractUserName(jwtStr);
            System.out.println("From JWT userName: " + userName);
        }

        System.out.println("In Filter Before set #: " + SecurityContextHolder.getContext().getAuthentication());
        // Only authenticate when a user name was extracted and the context is still empty.
        if (userName != null && SecurityContextHolder.getContext().getAuthentication() == null) {
            UserDetails userDetails = this.userDetailsService.loadUserByUsername(userName);
            // Populate the context only if the token validates against the loaded user.
            if (jwtUitl.validateToken(jwtStr, userDetails)) {
                UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
                        new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
                usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
            }
            System.out.println("In Filter After Set #: " + SecurityContextHolder.getContext().getAuthentication());
        }
        // Always continue the chain; unauthenticated requests are rejected later by the access rules.
        chain.doFilter(request, response);
    }
}
```
Now you can access the user info from anywhere in the entire project.
(It's a working project; you can take some info from the Git link here.)
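
How the filter above can be wired into the security chain and its result read back, as an added example that is not part of the original answer. It assumes Spring Security 5's `WebSecurityConfigurerAdapter` (matching the `javax.servlet` imports), that `JwtRequestFilter` lives in the same package, and a hypothetical `/authenticate` login endpoint; `SecurityConfig` and `currentUserName` are illustrative names.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

// Hypothetical configuration class (assumption, not from the original answer).
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private JwtRequestFilter jwtRequestFilter; // the filter from the answer above

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable() // the token travels in a header, not in a session cookie
            .authorizeRequests()
                .antMatchers("/authenticate").permitAll() // assumed login endpoint
                .anyRequest().authenticated()
            .and()
            // Stateless: no HttpSession keeps the Authentication between requests,
            // so the filter has to rebuild it from the token every time.
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // Run the JWT filter before the access rules are evaluated.
        http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
    }

    // Returns the current user's name, or null when the request carried no valid token.
    public static String currentUserName() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            return null;
        }
        // The filter stores a UserDetails principal; anonymous requests carry a plain String.
        Object principal = auth.getPrincipal();
        return (principal instanceof UserDetails) ? ((UserDetails) principal).getUsername() : null;
    }
}
```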