
Authentication using Spring Boot using Mysql, Spring Data JPA and Spring Security


mysql> describe User;

+----------+-------------+------+-----+---------+----------------+
| Field    | Type        | Null | Key | Default | Extra          |
+----------+-------------+------+-----+---------+----------------+
| u_id     | int         | NO   | PRI | NULL    | auto_increment |
| email    | varchar(30) | NO   | UNI | NULL    |                |
| name     | varchar(50) | NO   |     | NULL    |                |
| password | varchar(64) | NO   |     | NULL    |                |
| dob      | varchar(30) | YES  |     | NULL    |                |
| role     | varchar(10) | NO   |     | NULL    |                |
+----------+-------------+------+-----+---------+----------------+

This is my table in MySQL. Here the role column will have only 2 values (admin/user). If it is user I need to give access to specific URLs, and the same applies for the admin.

How to use Spring Security and JPA for this?

Example code from the internet:

http.authorizeRequests().antMatchers("/admin/**").hasRole("ADMIN").antMatchers("/users/**").hasRole("USER");

Similarly, I need the URLs ("/edit/"), ("/add/") to be accessed by the admin and the URL ("/rate/") to be accessed by the user.

You need to create a security config class which extends WebSecurityConfigurerAdapter and override its methods.

To achieve role-based access to URLs, antMatchers are used. For reference, I have appended a method which is overridden in the config class.

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Role-based URL rules: each path prefix requires one authority.
                .antMatchers("/profile/**").hasAuthority("ROLE_USER")
                .antMatchers("/dashboard/**").hasAuthority("ROLE_ADMIN")
                .and()
            // Form login with a custom login page and success handler.
            .formLogin()
                .loginPage("/login")
                .usernameParameter("username")
                .passwordParameter("password")
                .successHandler(customSuccessHandler)
                .permitAll()
                .and()
            .logout()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .logoutSuccessUrl("/login?logout")
                .permitAll()
                .and()
            // Authenticated users without the required authority see this page.
            .exceptionHandling().accessDeniedPage("/403.html");
    }

For more details, refer to https://www.baeldung.com/spring-security-expressions
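An added example, not part of the original question or answer: one way to wire the User table above into Spring Security through Spring Data JPA, using the Spring Security 5 API (WebSecurityConfigurerAdapter) that the answer relies on. The names AppUser, AppUserRepository, SecurityConfig and jpaUserDetailsService are hypothetical, and it assumes the password column holds BCrypt hashes and that users log in with their email.

```java
import java.util.Optional;
import javax.persistence.*;
import org.springframework.context.annotation.*;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.*;
import org.springframework.security.core.userdetails.*;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical entity for the User table; only the columns needed for login.
@Entity @Table(name = "User")
class AppUser {
    @Id @GeneratedValue(strategy = GenerationType.IDENTITY) @Column(name = "u_id") Integer id;
    String email;
    String password; // assumed BCrypt hash (60 characters, fits varchar(64))
    String role;     // "admin" or "user", as stored in the table
}

interface AppUserRepository extends JpaRepository<AppUser, Integer> {
    Optional<AppUser> findByEmail(String email);
}

@Configuration @EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    private final AppUserRepository users;
    public SecurityConfig(AppUserRepository users) { this.users = users; }

    @Bean PasswordEncoder passwordEncoder() { return new BCryptPasswordEncoder(); }

    // A single UserDetailsService bean plus the encoder above is used for form login.
    @Bean
    UserDetailsService jpaUserDetailsService() {
        return email -> users.findByEmail(email)
            .map(u -> User.withUsername(u.email)
                .password(u.password)
                .roles(u.role.toUpperCase()) // "admin" becomes authority ROLE_ADMIN
                .build())
            .orElseThrow(() -> new UsernameNotFoundException("unknown user"));
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/edit/**", "/add/**").hasRole("ADMIN") // checks ROLE_ADMIN
            .antMatchers("/rate/**").hasRole("USER")             // checks ROLE_USER
            .anyRequest().authenticated()                        // nothing is left open by omission
            .and().formLogin().permitAll();
    }
}
```

hasRole("ADMIN") and hasAuthority("ROLE_ADMIN") test the same granted authority, so the lowercase value in the role column has to be upper-cased and prefixed (here by roles()) or every rule will deny.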
