![](/img/trans.png)
[英]Redirect to User_dashboard page after login based on user role with Spring Security Configuration
[英]Role based dashboard in spring security
CREATE TABLE `role_details` (
`role_id` int(11) NOT NULL AUTO_INCREMENT,
`role_name` varchar(45) DEFAULT NULL,
`role_desc` varchar(100) DEFAULT NULL,
`rights` varchar(300) DEFAULT NULL,
PRIMARY KEY (`role_id`)
)
CREATE TABLE `user_details` (
`user_id` int(11) NOT NULL AUTO_INCREMENT,
`display_name` varchar(45) DEFAULT NULL,
`password` varchar(45) DEFAULT NULL,
`emp_id` int(11) DEFAULT NULL,
`role` varchar(45) DEFAULT NULL,
`email` varchar(45) DEFAULT NULL,
`mobile` varchar(45) DEFAULT NULL,
`creation_time` datetime DEFAULT CURRENT_TIMESTAMP,
`status` varchar(45) DEFAULT NULL,
PRIMARY KEY (`user_id`)
)
這是我的數據庫架構。 我正在使用Spring Security。 但是我很困惑...我需要在spring-security.xml中編寫什么?
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query=
"SELECT * FROM hmis_db.user_details where display_name=? and status='active'"
authorities-by-username-query=
"**QUESTION** " />
</authentication-provider>
</authentication-manager>
實際上,我想創建基於角色的儀表板。 和role_details表中的“權限”,用於指定訪問菜單列表。根據該列表,它將生成基於角色的儀表板。
實際上,我看不到您的UserDetails表和RoleDetails表之間的關系,也許我正在丟失一些東西。
當我建立了這樣一種實體模式時,我總是在用戶和角色之間建立了一對一的關系,因此一個用戶可以擁有一個或多個角色。
但是,假設您要在用戶與角色之間建立1-1關系,並假設您要查找的ROLE_xxx在UserDetails表的role字段中,則按用戶名查詢的權限必須大致如下:
"select display_name as username, role as authority from user_details where display_name =? "
如果user_details中的字段角色是必須與role_details中的字段role_name匹配的外鍵,而rigth實際上是security_intercept url的訪問元素中引用的權限,則應采用以下方式:
"select u.display_name as username, r.rights as authority
from user_details as u INNER JOIN role_details as r ON u.role = r.role_name
where u.display_name =? "
但是,如果權限是逗號分隔的權限列表,那么您可能會遇到麻煩。 按用戶名查詢的授權機構希望接收到在每行中均具有授權的行的列表。 如果這是您要查找的內容,則應考慮更改架構或對表進行查看,以便每行返回正確的結果
編輯:我應該這樣做:
這是創建腳本:
CREATE TABLE IF NOT EXISTS `role_details` (
`role_id` INT(11) NOT NULL AUTO_INCREMENT,
`role_name` VARCHAR(45) NULL DEFAULT NULL,
`role_desc` VARCHAR(100) NULL DEFAULT NULL,
`role_authority` VARCHAR(300) NOT NULL,
PRIMARY KEY (`role_id`))
ENGINE = InnoDB
DEFAULT CHARACTER SET = utf8;
CREATE TABLE IF NOT EXISTS `user_details` (
`user_id` INT(11) NOT NULL AUTO_INCREMENT,
`display_name` VARCHAR(45) NULL DEFAULT NULL,
`password` VARCHAR(45) NULL DEFAULT NULL,
`emp_id` INT(11) NULL DEFAULT NULL,
`email` VARCHAR(45) NULL DEFAULT NULL,
`mobile` VARCHAR(45) NULL DEFAULT NULL,
`creation_time` DATETIME NULL DEFAULT CURRENT_TIMESTAMP,
`status` TINYINT(1) NULL DEFAULT 0,
PRIMARY KEY (`user_id`))
ENGINE = InnoDB
DEFAULT CHARACTER SET = utf8;
CREATE TABLE IF NOT EXISTS `user_role_details` (
`user_details_user_id` INT(11) NOT NULL,
`role_details_role_id` INT(11) NOT NULL,
PRIMARY KEY (`user_details_user_id`, `role_details_role_id`),
INDEX `fk_user_details_has_role_details_role_details1_idx` (`role_details_role_id` ASC),
INDEX `fk_user_details_has_role_details_user_details_idx` (`user_details_user_id` ASC),
CONSTRAINT `fk_user_details_has_role_details_user_details`
FOREIGN KEY (`user_details_user_id`)
REFERENCES `user_details` (`user_id`)
ON DELETE NO ACTION
ON UPDATE NO ACTION,
CONSTRAINT `fk_user_details_has_role_details_role_details1`
FOREIGN KEY (`role_details_role_id`)
REFERENCES `role_details` (`role_id`)
ON DELETE NO ACTION
ON UPDATE NO ACTION)
ENGINE = InnoDB
DEFAULT CHARACTER SET = utf8;
注意,我刪除了user_details中的“角色”列,在role_details中將“權限”重命名為“ role_authority”,並將“狀態”從varchar更改為tinyint(1)以將其用作布爾值。
然后,用戶詳細說明sqls:
users-by-username-query=
"SELECT display_name as username, password, status as enabled
FROM user_details as u WHERE u.display_name = ? and status = 1;"
authorities-by-username-query=
"Select u.display_name as username, r.role_authority as authority
FROM
user_details as u
INNER JOIN user_role_details as urd ON u.user_id = urd.user_details_user_id
INNER JOIN role_details as r ON urd.role_details_role_id = r.role_id
WHERE u.display_name = ?"
這樣,您可以將多個角色綁定到每個用戶
請參閱以下涵蓋基礎知識和示例的鏈接http://en.tekstenuitleg.net/blog/spring-security-with-roles-and-rights
一旦您熟悉了基礎知識,請在實現該代碼以進行生產之前,深入了解Spring Security文檔https://docs.spring.io/spring-security/site/docs/3.0.x/reference/ns-config.html 。
如果您使用的是Spring Security 4,則可能更喜歡基於注釋的配置,例如
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("user").password("userpwd").roles("USER");
auth.inMemoryAuthentication().withUser("admin").password("adminpwd").roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/", "/home").permitAll()
.antMatchers("/admin/**").access("hasRole('ADMIN')")
.and().formLogin()
.and().exceptionHandling().accessDeniedPage("/Access_Denied");
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.