[英]Spring Security Set Role On Registration
我是 Spring security 的新手,所以我已经学习了一些教程,但是我无法理解角色的结构是如何真正在幕后工作的。 我有两张表,一张给用户:
@Entity
@Table(name = "UserProfile", schema = "dbo", catalog = "DevTestTeam")
public class UserProfileEntity implements UserDetails{
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id", nullable = false)
private long id;
@Column(name = "enabled", nullable = false)
private boolean enabled;
@NotEmpty(message = "Enter a password.")
@Size(min = 6, max = 15, message = "Password must be between 6 and 15 characters.")
@Column(name = "password", nullable = true, length = 100)
private String password;
@NotEmpty(message = "Enter a username.")
@Size(min = 6, max = 20, message = "Username must be between 6 and 20 characters.")
@Column(name = "username", nullable = true, length = 20, unique = true)
private String username;
@OneToOne
@JoinColumn(name = "role_id")
private RoleEntity role;
public RoleEntity getRole() {
return role;
}
public void setRole(RoleEntity role) {
this.role = role;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
List<GrantedAuthority> authorities = new ArrayList<>();
authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
return authorities;
}
和一个角色:
@Entity
@Table(name = "Role", schema = "dbo", catalog = "DevTestTeam")
public class RoleEntity {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id", nullable = false)
private long id;
@Column(name = "name", nullable = true, length = 255)
private String name;
public long getId() {
return id;
}
public void setId(long id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
创建新用户时,我感到困惑。 我有一个由 UserProfileEntity 对象支持的注册表单,它填充了用户名和密码。 然后显然很容易 setEnabled()=true (为了清楚起见,我在这段代码中留下了一些 getter/setter)。
我的问题是在实例化要保存在数据库中的 UserProfileEntity 时如何设置角色。 我的 role_id 外键应该只取一个整数并从 Role 表返回角色,但我不确定在实例化时如何表达。 我在角色表中有一个 ROLE_USER,id 为 1,我觉得这很容易实例化,但我找不到我正在寻找的答案。
用户实现:
@Service
public class UserProfileServiceImpl implements UserProfileService{
@Autowired
private UserProfileDao userDao;
@Override
public UserProfileEntity findByUser(String username) {
return userDao.findByUsername(username);
}
@Override
public List<UserProfileEntity> findAll() {
List<UserProfileEntity> list = userDao.findAll();
return list;
}
@Override
public UserProfileEntity save(UserProfileEntity persisted) {
userDao.save(persisted);
return null;
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
UserProfileEntity user = userDao.findByUsername(username);
if (user == null) {
throw new UsernameNotFoundException("User not found.");
}
return user;
}
}
您需要一些存储库方法来按名称获取用户角色:
RoleEntity roleEntity = roleEntityRepository.findByName("ROLE_USER");
然后在持久化之前将该RoleEntity
设置为UserProfileEntity
:
UserProfileEntity userProfileEntity = new UserProfileEntity();
userProfileEntity.setRoleEntity(roleEntity);
userService.save(userProfileEntity);
您还想要的是不扩展您的UserProfileEntity
。 对于 Spring Security,您需要UserDetailsService
实现:
@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
UserProfileEntity userProfileEntity = userRepository.findByUsername(username);
if (userProfileEntity == null) {
throw new UsernameNotFoundException("Non existing user!");
}
return new org.springframework.security.core.userdetails.User(userProfileEntity.getUsername(),
userProfileEntity.getPassword(),
Arrays.asList(new SimpleGrantedAuthority(userByUsername.getRoleEntity().getName())));
}
}
但是,我看到您的要求非常简单 - 每个用户一个角色。 因此,您的RoleEntity
可能只是一个具有预定义角色的枚举:
public enum RoleEntity {
ROLE_USER
}
在UserProfileEntity
您可以像这样使用它:
public class UserProfileEntity {
@Enumerated(EnumType.STRING)
private RoleEntity roleEntity;
}
使用角色持久化用户:
UserProfileEntity userProfileEntity = new UserProfileEntity();
userProfileEntity.setRoleEntity(RoleEntity.USER);
userService.save(userProfileEntity);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.