zeromemos
最好的学习方法就是输出所学的知识SpringSecurity往Redis存自定义的UserDetails对象时无法反序列化问题
自定义的UserDetails对象如果继承User
public class MySecurityUser extends User {
//自己的User实体类,方便后面存取需要的用户信息
private SysUser sysUser;
//分别将用户、密码和权限集合传到父类的构造函数里
public MySecurityUser(SysUser sysUser, Collection<? extends GrantedAuthority> authorities) {
super(sysUser.getUsername(), sysUser.getPassword(), authorities);
this.sysUser = sysUser;
}
public SysUser getSysUser() {
return sysUser;
}
public void setSysUser(SysUser sysUser) {
this.sysUser = sysUser;
}
}存入Redis后,在取出时会因为没有无参构造器而无法反序列化。
所以要改成直接实现UserDetails接口
/**
* 自定义User类 方便后面存取需要的用户信息
*/
@Data
public class MySecurityUser implements UserDetails {
//自己的User实体类,方便后面存取需要的用户信息
private SysUser sysUser;
private List<String> permissions;
//带上authorities,设置set方法用于反序列化
private Collection<? extends GrantedAuthority> authorities;
//必须带无参构造 从Redis获取该对象反序列化时需要无法构造
public MySecurityUser(){}
public MySecurityUser(SysUser sysUser, List<String> permissions){
this.permissions = permissions;
this.sysUser = sysUser;
}
//必须带setAuthorities方法,否则只有get没有set也没法反序列化
public void setAuthorities(Collection<? extends GrantedAuthority> authorities) {
this.authorities = authorities;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return AuthorityUtils.createAuthorityList(permissions.toArray(new String[0]));
}
@Override
public String getPassword() {
return sysUser.getPassword();
}
@Override
public String getUsername() {
return sysUser.getUsername();
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
}
必须带上无参构造器和设置authorities属性,因为接口有getAuthorities方法,必须也要有setAuthorities方法才能反序列化。
评论区
关于我们
本站主要用于记录个人学习笔记,网站开发中,如需以前站内资料请加QQ群272473835索取。注册账号仅提供回帖功能,可不注册!
