Spring安全性使用ROLE_USER定義用戶注冊
[英]spring security defining user registration with ROLE_USER
問題描述
我正在使用Hibernate和Spring Security在Spring MVC 4中創建一個項目。 在這個項目中,我有3個角色: ROLE_USER , ROLE_COMPANY和ROLE_ADMIN 。
用戶將像常規注冊站點一樣注冊,但我對如何通過注冊過程在數據庫中保存新用戶感到困惑,如何保存Spring Security定義的新用戶和數據庫以及如何使用hibernate獲取該信息。
謝謝。
1 個解決方案
解決方案1
3 已采納 2015-02-22 17:57:10
您將擁有實現UserDetails User類,該UserDetails具有一個或多個權限。 例如:
用戶
@Entity
@Table(name = "User")
public class User implements UserDetails {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private Long id;
@NotNull
private String username;
@NotNull
private String password;
@OneToMany(cascade = CascadeType.ALL, mappedBy = "user", fetch = FetchType.EAGER, orphanRemoval = true)
private Set<UserAuthority> authorities;
//helper method to set roles for this user
public void grantRole(UserRole role) {
if (authorities == null) {
authorities = new HashSet<UserAuthority>();
}
authorities.add(role.asAuthorityFor(this));
}
//overrides, getters, setters
}
UserAuthority
@Entity
@IdClass(UserAuthority.class)
public class UserAuthority implements GrantedAuthority {
@NotNull
@ManyToOne(fetch = FetchType.LAZY)
@JsonIgnore
@Id
private User user;
@NotNull
@Id
private String authority;
//overrides, getters, setters
}
UserRole的
public enum UserRole {
USER, COMPANY, ADMIN;
}
在創建用戶時:
User user = new User();
user.grantRole(UserRole.USER);
repository.save(user);
至於身份驗證,您需要實現從存儲庫加載用戶的UserDetailsService
UserDetailsService實現
@Service
public class UserDetailsService implements org.springframework.security.core.userdetails.UserDetailsService {
@Autowired
private UserRepository repository;
private final AccountStatusUserDetailsChecker detailsChecker = new AccountStatusUserDetailsChecker();
@Override
public final User loadUserByUsername(String username) throws UsernameNotFoundException {
final User user = repository.findByUsername(username);
if (user == null) {
throw new UsernameNotFoundException("User not found");
}
detailsChecker.check(user);
return user;
}
}
現在,在您的安全配置中,您只需使用UserDetailsService
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected UserDetailsService userDetailsService() {
return userDetailsService;
}
你如何獲取數據取決於你,我將使用Spring Data JPA。
Spring Security與access =“ ROLE_USER”一起使用,但不適用於EL
[英]Spring security works with access=“ROLE_USER” but not with EL
Spring Security-為什么我只能以ROLE_ADMIN而不是ROLE_USER的身份訪問頁面?
[英]Spring security - how come I can only access pages as ROLE_ADMIN and not ROLE_USER?
它讓我失望500無法在spring security中評估表達式'ROLE_USER'
[英]It throws me 500 Failed to evaluate expression 'ROLE_USER' in spring security
如何使用Spring Security在Spring xml中為一個特殊的URL一起定義ROLE_USER,ROLE_ADMIN IN?
[英]How to defined ROLE_USER,ROLE_ADMIN IN together for one spefic url in spring xml using spring security?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
表中的Spring Security ROLE_USER
Spring Security與access =“ ROLE_USER”一起使用,但不適用於EL
Spring Security-為什么我只能以ROLE_ADMIN而不是ROLE_USER的身份訪問頁面?
它讓我失望500無法在spring security中評估表達式'ROLE_USER'
如何使用Spring Security在Spring xml中為一個特殊的URL一起定義ROLE_USER,ROLE_ADMIN IN?
spring security 通過 ROLE 重定向用戶
Spring Security-檢索用戶角色
使用Spring Security創建/注冊新用戶?
Spring Security用戶帳戶注冊,創建和管理
如何將用戶注冊表格與Spring Security集成在一起
相關標簽