[英]spring security defining user registration with ROLE_USER
我正在使用Hibernate和Spring Security在Spring MVC 4中创建一个项目。 在这个项目中,我有3个角色: ROLE_USER
, ROLE_COMPANY
和ROLE_ADMIN
。
用户将像常规注册站点一样注册,但我对如何通过注册过程在数据库中保存新用户感到困惑,如何保存Spring Security定义的新用户和数据库以及如何使用hibernate获取该信息。
谢谢。
您将拥有实现UserDetails
User
类,该UserDetails
具有一个或多个权限。 例如:
用户
@Entity
@Table(name = "User")
public class User implements UserDetails {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private Long id;
@NotNull
private String username;
@NotNull
private String password;
@OneToMany(cascade = CascadeType.ALL, mappedBy = "user", fetch = FetchType.EAGER, orphanRemoval = true)
private Set<UserAuthority> authorities;
//helper method to set roles for this user
public void grantRole(UserRole role) {
if (authorities == null) {
authorities = new HashSet<UserAuthority>();
}
authorities.add(role.asAuthorityFor(this));
}
//overrides, getters, setters
}
UserAuthority
@Entity
@IdClass(UserAuthority.class)
public class UserAuthority implements GrantedAuthority {
@NotNull
@ManyToOne(fetch = FetchType.LAZY)
@JsonIgnore
@Id
private User user;
@NotNull
@Id
private String authority;
//overrides, getters, setters
}
UserRole的
public enum UserRole {
USER, COMPANY, ADMIN;
}
在创建用户时:
User user = new User();
user.grantRole(UserRole.USER);
repository.save(user);
至于身份验证,您需要实现从存储库加载用户的UserDetailsService
UserDetailsService实现
@Service
public class UserDetailsService implements org.springframework.security.core.userdetails.UserDetailsService {
@Autowired
private UserRepository repository;
private final AccountStatusUserDetailsChecker detailsChecker = new AccountStatusUserDetailsChecker();
@Override
public final User loadUserByUsername(String username) throws UsernameNotFoundException {
final User user = repository.findByUsername(username);
if (user == null) {
throw new UsernameNotFoundException("User not found");
}
detailsChecker.check(user);
return user;
}
}
现在,在您的安全配置中,您只需使用UserDetailsService
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected UserDetailsService userDetailsService() {
return userDetailsService;
}
你如何获取数据取决于你,我将使用Spring Data JPA。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.