The best way to do this IMO is to have one of your services (probably UserService) implement UserDetailsService and specify in the spring security XML that you wish to use your own user details service.

执行此 IMO 的最佳方法是让您的服务之一（可能是 UserService）实现 UserDetailsS​​ervice 并在 spring security XML 中指定您希望使用自己的用户详细信息服务。

What the UserDetailsService will need to do is implement a loadByUsername(String username) method. This method will need to return a class that implements UserDetails. This can be your own custom object storing whatever you like. The advantage of this is that you can access the object's properties from a JSP via spring security taglib and it is also always available from the SecurityContextHolder singleton (thread safe) in spring security.

UserDetailsS​​ervice 需要做的是实现一个 loadByUsername(String username) 方法。此方法需要返回一个实现 UserDetails 的类。这可以是您自己的自定义对象，存储您喜欢的任何内容。这样做的好处是您可以通过 spring security taglib 从 JSP 访问对象的属性，并且它也始终可以从 spring security 中的 SecurityContextHolder 单例（线程安全）获得。

Here is a link to the docs for this: spring security manual, chapter 8Here is a blog post talking about implementing a custom user details service for password encryption: example usage

这是文档的链接：spring security 手册，第 8 章这是一篇关于为密码加密实现自定义用户详细信息服务的博客文章：示例用法

Hope this helps

希望这可以帮助

Edit: Forgot to mention that the object will be removed from the security context and session on logout. That is what is most useful about it, it is fully managed by spring security.

编辑：忘记提及该对象将在注销时从安全上下文和会话中删除。这就是它最有用的地方，它完全由 Spring Security 管理。

You definitely need to write your own UserDetailService. In the Principal object there is the user and there is also a Details object in the AuthenticationTokenthat you can store a Map(String, String) of other login info.

您肯定需要编写自己的UserDetailService. 在 Principal 对象中有用户，还有一个 Details 对象AuthenticationToken，您可以在其中存储其他登录信息的 Map(String, String) 。

public class RequestFormDeatils extends SpringSecurityFilter {

   protected void doFilterHttp(HttpServletRequest request, ...) {
      SecurityContext sec = SecurityContextHolder.getContent();
      AbstractAuthenticationToken auth = (AbstractAuthenticationToken)sec.getAuthentication();
      Map<String, String> m = new HashMap<String, String>;
      m.put("myCustom1", request.getParameter("myCustom1"));
      m.put("myCustom2", request.getParameter("myCustom2"));
      auth.setDetails(m);
}

Now anywhere in your code you get use the SecurityContextto propagate this security related info without having to couple it to your UserDetailsobject, or pass it as arguments. I do this code in a SecurityFilterat the end of the Spring Security Filter chain.

现在，您可以在代码中的任何地方使用SecurityContext传播此安全相关信息，而无需将其耦合到您的UserDetails对象，或将其作为参数传递。我SecurityFilter在 Spring Security Filter 链的末尾执行此代码。

<bean id="requestFormFilter" class="...RequestFormDetails">
   <custom-filter position="LAST" />
</bean> 

This info will be removed when the user is removed (like at log out).  

当用户被删除时（如注销），此信息将被删除。