[英]spring security defining user registration with ROLE_USER
我正在使用Hibernate和Spring Security在Spring MVC 4中創建一個項目。 在這個項目中,我有3個角色: ROLE_USER
, ROLE_COMPANY
和ROLE_ADMIN
。
用戶將像常規注冊站點一樣注冊,但我對如何通過注冊過程在數據庫中保存新用戶感到困惑,如何保存Spring Security定義的新用戶和數據庫以及如何使用hibernate獲取該信息。
謝謝。
您將擁有實現UserDetails
User
類,該UserDetails
具有一個或多個權限。 例如:
用戶
@Entity
@Table(name = "User")
public class User implements UserDetails {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private Long id;
@NotNull
private String username;
@NotNull
private String password;
@OneToMany(cascade = CascadeType.ALL, mappedBy = "user", fetch = FetchType.EAGER, orphanRemoval = true)
private Set<UserAuthority> authorities;
//helper method to set roles for this user
public void grantRole(UserRole role) {
if (authorities == null) {
authorities = new HashSet<UserAuthority>();
}
authorities.add(role.asAuthorityFor(this));
}
//overrides, getters, setters
}
UserAuthority
@Entity
@IdClass(UserAuthority.class)
public class UserAuthority implements GrantedAuthority {
@NotNull
@ManyToOne(fetch = FetchType.LAZY)
@JsonIgnore
@Id
private User user;
@NotNull
@Id
private String authority;
//overrides, getters, setters
}
UserRole的
public enum UserRole {
USER, COMPANY, ADMIN;
}
在創建用戶時:
User user = new User();
user.grantRole(UserRole.USER);
repository.save(user);
至於身份驗證,您需要實現從存儲庫加載用戶的UserDetailsService
UserDetailsService實現
@Service
public class UserDetailsService implements org.springframework.security.core.userdetails.UserDetailsService {
@Autowired
private UserRepository repository;
private final AccountStatusUserDetailsChecker detailsChecker = new AccountStatusUserDetailsChecker();
@Override
public final User loadUserByUsername(String username) throws UsernameNotFoundException {
final User user = repository.findByUsername(username);
if (user == null) {
throw new UsernameNotFoundException("User not found");
}
detailsChecker.check(user);
return user;
}
}
現在,在您的安全配置中,您只需使用UserDetailsService
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected UserDetailsService userDetailsService() {
return userDetailsService;
}
你如何獲取數據取決於你,我將使用Spring Data JPA。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.