[英]Spring security role assignment
JEE containers typically provide a mechanism using proprietary deployment descriptors to map external to internal user roles. JEE容器通常提供一种机制,该机制使用专有的部署描述符将外部用户角色映射到内部用户角色。 That is, the application declares and uses the internal roles in web.xml and there is a file (eg weblogic.xml for weblogic) that maps the actual roles assigned to a user to the internal ones.
也就是说,应用程序在web.xml中声明并使用内部角色,并且有一个文件(例如,用于weblogic的weblogic.xml)将分配给用户的实际角色映射到内部角色。
How can such a mapping be achieved when using Spring Security? 使用Spring Security时如何实现这种映射? I am using Spring Security 3.0.x.
我正在使用Spring Security3.0.x。
Spring Security 3.0.x. Spring Security3.0.x。 does not provide such a mapping out of the box.
不提供开箱即用的映射。
But you can implement it by your own, by extending the Authentication Provider that is used for your authentication method. 但是,您可以通过扩展用于身份验证方法的身份验证提供程序来自己实现它。
If you use a DaoAuthenticationProvider
(that use internaly a UserDetailsService
) then you can override the addCustomAuthorities(String username, List<GrantedAuthority> authorities)
method to add new/mapped roles according to the already granted once. 如果使用
DaoAuthenticationProvider
(内部使用UserDetailsService
),则可以重写addCustomAuthorities(String username, List<GrantedAuthority> authorities)
方法,以根据已经授予的角色添加新角色/映射角色。
for example a Extended UserDetailsService
: 例如Extended
UserDetailsService
:
...
@Override
protected void addCustomAuthorities(String username, List<GrantedAuthority> authorities) {
super.addCustomAuthorities(username, authorities);
List<GrantedAuthority> additional = new ArrayList<GrantedAuthority>();
for (GrantedAuthority role : authorities) {
additional .addAll(vourMappingService.getAdditionalForRole(role));
}
authorities.addAll(additional );
}
that use the YourMappingService
in to map the roles (by adding new roles to the existing once) 使用
YourMappingService
映射角色(通过将新角色添加到现有角色一次)
public class YourMappingService
/**
* Property bases mapping of roles to privileges.
* Every role is one line, the privileges are comma separated.
*/
private Properties roleToPrivileges;
public YourMappingService(Properties roleToPrivileges) {
if (roleToPrivileges == null) {
throw new IllegalArgumentException("roleToPrivileges must not be null");
}
this.roleToPrivileges = roleToPrivileges;
}
@Override
public Collection<? extends GrantedAuthority> getAdditionalForRole(GrantedAuthority role) {
String authority = role.getAuthority();
if(authority != null) {
String commaSeparatedPrivileges = roleToPrivileges.getProperty(role.getAuthority());
if (commaSeparatedPrivileges != null) {
List<GrantedAuthority> privileges = new ArrayList<GrantedAuthority>();
for(String privilegeName : StringUtils.commaDelimitedListToSet(commaSeparatedPrivileges)) {
privileges.add(new GrantedAuthorityImpl(privilegeName.trim()));
}
return privileges;
} else {
return Collections.emptyList();
}
} else {
return Collections.emptyList();
}
}
}
configuration: 组态:
<bean id="myUserDetailsService" class="de.humanfork.springsecurityroles.impl.JdbcDaoPrivilegesImpl">
<constructor-arg ref="yourMappingService"/>
<property name="dataSource" ref="dataSource"/>
<property name="usersByUsernameQuery" value="SELECT login,encryptedPassword,loginEnabled FROM user WHERE login = ?"/>
<property name="enableAuthorities" value="true"/>
<property name="authoritiesByUsernameQuery" value="SELECT u.login, r.securityRoles FROM user u, user2security_roles r WHERE u.login= ? AND u.id = r. User_fk;"/>
</bean>
<bean id="yourMappingService" class="ZourMappingService">
<constructor-arg>
<props>
<prop key="ROLE_ADMIN">
ROLE_backend_access,
ROLE_user_mngt,
ROLE_passwordLostRequest_mngt,
ROLE_log_mngt
</prop>
<prop key="ROLE_USER">
</prop>
</props>
</constructor-arg>
</bean>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.