stackoom
  简体   繁体   中英

spring security defining user registration with ROLE_USER

 原文  2015-02-22 14:44:12       spring/ hibernate/ spring-mvc/ spring-security

Question

I am making a project in Spring MVC 4 with Hibernate and Spring Security . In this project I have 3 roles: ROLE_USER , ROLE_COMPANY and ROLE_ADMIN .

User will register like regular registration site, but I am confused on how to save a new user in database through registration process, that how to save the new user and database defined by Spring Security and how to fetch that information using hibernate.

Thank you.

1 answers

solution1
 3 ACCPTED  2015-02-22 17:57:10

You would have your User class that implements UserDetails which has either one or many authorities. For example:

User 

@Entity
@Table(name = "User")
public class User implements UserDetails {

    @Id
    @GeneratedValue(strategy = GenerationType.AUTO)
    private Long id;

    @NotNull
    private String username;

    @NotNull
    private String password;

    @OneToMany(cascade = CascadeType.ALL, mappedBy = "user", fetch = FetchType.EAGER, orphanRemoval = true)
    private Set<UserAuthority> authorities;


    //helper method to set roles for this user
    public void grantRole(UserRole role) {
        if (authorities == null) {
            authorities = new HashSet<UserAuthority>();
        }
        authorities.add(role.asAuthorityFor(this));
    }

    //overrides, getters, setters
}

UserAuthority 

@Entity
@IdClass(UserAuthority.class)
public class UserAuthority implements GrantedAuthority {

    @NotNull
    @ManyToOne(fetch = FetchType.LAZY)
    @JsonIgnore
    @Id
    private User user;

    @NotNull
    @Id
    private String authority;

    //overrides, getters, setters
}

UserRole 

public enum UserRole {
    USER, COMPANY, ADMIN;
}

While creating user just: 

User user = new User();
user.grantRole(UserRole.USER);
repository.save(user);

As for authenticating you need to implement UserDetailsService that loads the user from the repository

UserDetailsService implementation 

@Service
public class UserDetailsService implements org.springframework.security.core.userdetails.UserDetailsService {

    @Autowired
    private UserRepository repository;

    private final AccountStatusUserDetailsChecker detailsChecker = new AccountStatusUserDetailsChecker();

    @Override
    public final User loadUserByUsername(String username) throws UsernameNotFoundException {
        final User user = repository.findByUsername(username);
        if (user == null) {
            throw new UsernameNotFoundException("User not found");
        }
        detailsChecker.check(user);
        return user;
    }
}

Now in your Security configuration you just use that UserDetailsService 

@Autowired
private UserDetailsService userDetailsService;

@Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
    }

@Override
protected UserDetailsService userDetailsService() {
    return userDetailsService;
}

How you fetch the data is up to you, I would be using Spring Data JPA for that.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Spring security ROLE_USER from Tables Spring security works with access=“ROLE_USER” but not with EL Spring security - how come I can only access pages as ROLE_ADMIN and not ROLE_USER? It throws me 500 Failed to evaluate expression 'ROLE_USER' in spring security How to defined ROLE_USER,ROLE_ADMIN IN together for one spefic url in spring xml using spring security? spring security redirect user by ROLE Spring Security - Retrieving Role of a User Creation / registration new user with spring security? Spring Security user account registration, creation and management How to intergrate user registration form with spring security
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM