gpt4 book ai didi

java - Spring Boot 2.2.6 - 安全 |更新用户信息后如何更新Principal

转载 作者:行者123 更新时间:2023-12-01 16:45:39 28 4
gpt4 key购买 nike

在我的网站上,当用户登录时,他可以访问他的数据(密码、电子邮件...),并根据需要通过表单进行修改。处理数据并使用新数据更新数据库。但是,Spring(作为主体)当前使用和保存的数据已经过时了。我目前被迫断开用户的连接,以便他再次连接自己以检索“好的”数据,但这并不是真正的……符合人体工程学。

如何在不直接注销/登录的情况下“刷新”Principal 对象?

感谢您的帮助!

管理用户更新的 Controller 方法:

@RequestMapping(value = "/updateUser", method = RequestMethod.POST)
public ModelAndView updateProcess(Principal principal, HttpServletRequest request) {
ModelAndView mv = new ModelAndView();
updateUserService.updateUser(principal.getName(), request);
if (updateUserService.getErrors().isEmpty()) {
mv.setViewName("redirect:/deconnexion");
mv.addObject("page", "index");
} else {
mv.setViewName("members/userUpdate");
mv.addObject("page", "userProfile");
mv.addObject("form", updateUserService);
}
return mv;
}

最佳答案

我自己找到了答案: https://stackoverflow.com/a/7267941/12642186

@RequestMapping(value = "/updateUser", method = RequestMethod.POST)
public ModelAndView updateProcess2(Authentication auth, HttpServletRequest request) {
ModelAndView mv = new ModelAndView();
PrincipalUser pu = (PrincipalUser) auth.getPrincipal();
updateUserService.updateUser2(pu.getUser(), request);
if (updateUserService.getErrors().isEmpty()) {
mv.setViewName("members/userProfile");
mv.addObject("page", "userProfile");
} else {
mv.setViewName("members/userUpdate");
mv.addObject("page", "userProfile");
mv.addObject("form", updateUserService);
}
return mv;
}

由于 Java 都是关于引用的,因此直接更新转换为自定义 userDetails 的主体对象将“更新”它并阻止您注销/登录用户。

我的自定义 UserDetails 类:

public class PrincipalUser implements UserDetails {
private static final long serialVersionUID = 1L;

//my personal User class
private User user;

public PrincipalUser(User user) {
super();
this.user = user;
}

public User getUser() {
return user;
}

@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return Collections.singleton(new SimpleGrantedAuthority("USER"));
}

@Override
public String getPassword() {
return user.getPassword();
}

@Override
public String getUsername() {
return user.getPseudo();
}

@Override
public boolean isAccountNonExpired() {
return true;
}

@Override
public boolean isAccountNonLocked() {
return true;
}

@Override
public boolean isCredentialsNonExpired() {
return true;
}

@Override
public boolean isEnabled() {
return true;
}
}

所以我想一些通用代码应该如下所示:

@RequestMapping(value = "requestName", method = RequestMethod.POST)
public ModelAndView updateProcess(Authentication auth, HttpServletRequest request) {
ModelAndView mv = new ModelAndView();
//cast the Principal as your custom UserDetails
CustomUserDetails cud = (CustomUserDetails) auth.getPrincipal();
//ask a @Service class to process the new data and eventually update the user
updateUserClass.updateUser(cud.whatYouNeed, request);
//if no error while processing then set ModelAndView to your "succes page"
if (updateUserClass.getErrors().isEmpty()) {
mv.setViewName("successPage");
}
//else set ModelAndView to your "form page"
//and, if you want, add the @Service class to show the
//errors and other information in the form
else {
mv.setViewName("formPage");
mv.addObject("form", updateUserClass);
}
return mv;
}

关于java - Spring Boot 2.2.6 - 安全 |更新用户信息后如何更新Principal,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61782658/

28 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com