Spring Security已经
UserDetails为您在会话中存储了经过身份验证的用户。
因此,
MyUser在会话中存储的最简单方法是实现一个
UserDetails包含对
MyUser以下内容的引用的自定义:
public class MyUserDetails extends User { private MyUser myUser; public MyUserDetails(..., MyUser myUser) { super(...); this.myUser = myUser; } public MyUser getMyUser() { return myUser; } ...}并从您返回
UserDetailsService:
MyUser employee = employeesApi.getByUserName(userName);user = new MyUserDetails(..., myUser);
然后,您可以
MyUser通过安全上下文轻松访问:
MyUser myUser = ((MyUserDetails) SecurityContextHolder .getContext().getAuthentication().getPrincipal()).getMyUser();
在Spring MVC控制器中:
@RequestMapping(...)public ModelAndView someController(..., Authentication auth) { MyUser myUser = ((MyUserDetails) auth.getPrincipal()).getMyUser(); ...}在JSP中:
<security:authentication var = "myUser" property="principal.myUser" />
