The user id returned by Principal.getId() is, by default, copied from Credential.getId(). Principal instances mainly come from DefaultPrincipalFactory:
DefaultPrincipalFactory.createPrincipal(final String id)
Let's look at how QueryDatabaseAuthenticationHandler calls DefaultPrincipalFactory.createPrincipal():
    class QueryDatabaseAuthenticationHandler extends AbstractJdbcUsernamePasswordAuthenticationHandler {
        @Override
        protected final HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential)
                throws GeneralSecurityException, PreventedException {
            final String username = credential.getUsername();
            // ......
            return createHandlerResult(credential, this.principalFactory.createPrincipal(username), null);
        }
    }
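As the code shows, the Principal's id is the username read from the credential, which is the same value that Credential.getId() returns.
So where does the Credential's id come from?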
    class UsernamePasswordCredential implements Credential {
        // .........
        public String getId() {
            // The credential's id is simply the username field
            return this.username;
        }
        // .........
    }
From the code, UsernamePasswordCredential.getId() returns the username that the user typed into the login page, not the id (an integer) of the user row in the database table. It is a String.
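The flow described above, as an added, self-contained example that is not code from CAS or from the original article: the nested types are simplified stand-ins for the CAS classes named here, and the `USERS` table, the `databaseIdFlow` method and the sample values are assumptions made for illustration (password verification is omitted). It shows the default behaviour next to a variant that puts the database primary key into the Principal id, which still has to be passed as a String.

```java
import java.util.Map;
import javax.security.auth.login.AccountNotFoundException;

// Added illustration: minimal stand-ins for the CAS types, not the CAS sources.
public class PrincipalIdDemo {
    interface Credential { String getId(); }
    interface Principal { String getId(); }

    // Mirrors UsernamePasswordCredential: getId() is the username typed on the login form.
    record UsernamePasswordCredential(String username, String password) implements Credential {
        public String getId() { return username; }
    }

    // Mirrors DefaultPrincipalFactory.createPrincipal(final String id): the id is kept as given.
    static Principal createPrincipal(final String id) { return () -> id; }

    // Constructed sample table: username -> integer primary key of the user row.
    static final Map<String, Integer> USERS = Map.of("alice", 1001);

    // Default flow from the article: the Principal id is the typed username.
    static Principal defaultFlow(UsernamePasswordCredential c) {
        return createPrincipal(c.getUsernameOrId());
    }

    // Hypothetical variant: resolve the row and use its primary key as the Principal id.
    static Principal databaseIdFlow(UsernamePasswordCredential c) throws AccountNotFoundException {
        Integer rowId = USERS.get(c.username());
        if (rowId == null) {
            throw new AccountNotFoundException("no such user");
        }
        return createPrincipal(String.valueOf(rowId)); // the id remains a String
    }

    public static void main(String[] args) throws Exception {
        var cred = new UsernamePasswordCredential("alice", "constructed-password");
        System.out.println("default flow id:  " + defaultFlow(cred).getId());    // typed username
        System.out.println("database flow id: " + databaseIdFlow(cred).getId()); // row primary key
    }
}
```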