[英]spring security defining user registration with ROLE_USER
I am making a project in Spring MVC 4 with Hibernate and Spring Security . 我正在使用Hibernate和Spring Security在Spring MVC 4中创建一个项目。 In this project I have 3 roles:
ROLE_USER
, ROLE_COMPANY
and ROLE_ADMIN
. 在这个项目中,我有3个角色:
ROLE_USER
, ROLE_COMPANY
和ROLE_ADMIN
。
User will register like regular registration site, but I am confused on how to save a new user in database through registration process, that how to save the new user and database defined by Spring Security and how to fetch that information using hibernate. 用户将像常规注册站点一样注册,但我对如何通过注册过程在数据库中保存新用户感到困惑,如何保存Spring Security定义的新用户和数据库以及如何使用hibernate获取该信息。
Thank you. 谢谢。
You would have your User
class that implements UserDetails
which has either one or many authorities. 您将拥有实现
UserDetails
User
类,该UserDetails
具有一个或多个权限。 For example: 例如:
User 用户
@Entity
@Table(name = "User")
public class User implements UserDetails {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private Long id;
@NotNull
private String username;
@NotNull
private String password;
@OneToMany(cascade = CascadeType.ALL, mappedBy = "user", fetch = FetchType.EAGER, orphanRemoval = true)
private Set<UserAuthority> authorities;
//helper method to set roles for this user
public void grantRole(UserRole role) {
if (authorities == null) {
authorities = new HashSet<UserAuthority>();
}
authorities.add(role.asAuthorityFor(this));
}
//overrides, getters, setters
}
UserAuthority UserAuthority
@Entity
@IdClass(UserAuthority.class)
public class UserAuthority implements GrantedAuthority {
@NotNull
@ManyToOne(fetch = FetchType.LAZY)
@JsonIgnore
@Id
private User user;
@NotNull
@Id
private String authority;
//overrides, getters, setters
}
UserRole UserRole的
public enum UserRole {
USER, COMPANY, ADMIN;
}
While creating user just: 在创建用户时:
User user = new User();
user.grantRole(UserRole.USER);
repository.save(user);
As for authenticating you need to implement UserDetailsService
that loads the user from the repository 至于身份验证,您需要实现从存储库加载用户的
UserDetailsService
UserDetailsService implementation UserDetailsService实现
@Service
public class UserDetailsService implements org.springframework.security.core.userdetails.UserDetailsService {
@Autowired
private UserRepository repository;
private final AccountStatusUserDetailsChecker detailsChecker = new AccountStatusUserDetailsChecker();
@Override
public final User loadUserByUsername(String username) throws UsernameNotFoundException {
final User user = repository.findByUsername(username);
if (user == null) {
throw new UsernameNotFoundException("User not found");
}
detailsChecker.check(user);
return user;
}
}
Now in your Security configuration you just use that UserDetailsService
现在,在您的安全配置中,您只需使用
UserDetailsService
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected UserDetailsService userDetailsService() {
return userDetailsService;
}
How you fetch the data is up to you, I would be using Spring Data JPA for that. 你如何获取数据取决于你,我将使用Spring Data JPA。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.