1. 首页
  2. 问答
  3. 在弹簧安全中创建一个会话范围的bean

在弹簧安全中创建一个会话范围的bean

2015-12-03 75 views
0

我需要创建一个POJO类来存储与用户有关的信息。在春季安全中,我的权威表中有一个额外的instituionIds列,它是一个CSV字符串,将在各种DAO调用中使用。我需要设置这个类的值,这在查询数据库时将需要。在弹簧安全中创建一个会话范围的bean

@Component 
@Scope("session") 
public class InstitutionList { 

    private String institutionList = ""; 

    public String getInstitutionList() { 
     return institutionList; 
    } 

    public void setInstitutionList(String institutionList) { 
     this.institutionList = institutionList; 
    } 
}

我需要在我自己的UserDetailsS​​ervice实现

@Transactional 
@Service 
public class UserDetailsServiceImpl implements UserDetailsService { 
    private static final Logger logger = LoggerFactory.getLogger(UserDetailsServiceImpl.class); 
    private @Autowired ACSAdminUsersService acsAdminUsersService; 
    private @Autowired ACSAdminAuthoritiesService acsAdminAuthoritiesService; 
    private String[] authority; 

    public ACSAdminUsers getUserByAdminUsername(String username) { 
     logger.info("Getting user by username"); 
     ACSAdminUsers user = acsAdminUsersService.getUserByAdminUsername(username); 
     if(user!=null) acsAdminUsersService.addLogInInfo(username); 
     return user; 
    } 

    @Override 
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { 
     ACSAdminUsers user = getUserByAdminUsername(username); 
     logger.info("Username is : " + username); 
     logger.info("user is : " + user); 

     authority = acsAdminAuthoritiesService.getAuthoritiesForRole(user.getRole()); 
     logger.info("User role is : " + authority); 
     if(authority == null) { 
      throw new UsernameNotFoundException("User : "+username+" has no authorities."); 
     }else { 
     boolean accountNonExpired = true; 
     boolean credentialsNonExpired = true; 
     boolean accountNonLocked = true; 

     return new org.springframework.security.core.userdetails.User(username,user.getAdmin_pass(), 
       true,accountNonExpired,credentialsNonExpired, 
       accountNonLocked, 
       getAuthorities(username)); 
     } 
    } 

    public Collection<? extends GrantedAuthority> getAuthorities(String username) { 
     List<GrantedAuthority> authList = null; 

     authList=new ArrayList<GrantedAuthority>(); 

     for(int i = 0; i < authority.length; i++) { 
      SimpleGrantedAuthority s = new SimpleGrantedAuthority(this.authority[i]); 
      authList.add(s); 
     } 
     return authList; 
    } 
}

使用这个在上面的java类,我需要查询数据库并获取,与有关当局一起,这就需要在查询中使用institutionIds整个应用程序。

来源

2015-12-03 JavaGuy

回答

0

您可以创建自己的InstitutionContextHolder并使用threadlocal存储对象。通过这种方式,你可以在每个你想要的课程中使用这个对象。你可以看看SecurityContextHolder的例子。

来源

2015-12-03 09:54:18

相关问题

 相关问题