[英]Spring Security Set Role On Registration
我是 Spring security 的新手,所以我已經學習了一些教程,但是我無法理解角色的結構是如何真正在幕后工作的。 我有兩張表,一張給用戶:
@Entity
@Table(name = "UserProfile", schema = "dbo", catalog = "DevTestTeam")
public class UserProfileEntity implements UserDetails{
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id", nullable = false)
private long id;
@Column(name = "enabled", nullable = false)
private boolean enabled;
@NotEmpty(message = "Enter a password.")
@Size(min = 6, max = 15, message = "Password must be between 6 and 15 characters.")
@Column(name = "password", nullable = true, length = 100)
private String password;
@NotEmpty(message = "Enter a username.")
@Size(min = 6, max = 20, message = "Username must be between 6 and 20 characters.")
@Column(name = "username", nullable = true, length = 20, unique = true)
private String username;
@OneToOne
@JoinColumn(name = "role_id")
private RoleEntity role;
public RoleEntity getRole() {
return role;
}
public void setRole(RoleEntity role) {
this.role = role;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
List<GrantedAuthority> authorities = new ArrayList<>();
authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
return authorities;
}
和一個角色:
@Entity
@Table(name = "Role", schema = "dbo", catalog = "DevTestTeam")
public class RoleEntity {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column(name = "id", nullable = false)
private long id;
@Column(name = "name", nullable = true, length = 255)
private String name;
public long getId() {
return id;
}
public void setId(long id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
創建新用戶時,我感到困惑。 我有一個由 UserProfileEntity 對象支持的注冊表單,它填充了用戶名和密碼。 然后顯然很容易 setEnabled()=true (為了清楚起見,我在這段代碼中留下了一些 getter/setter)。
我的問題是在實例化要保存在數據庫中的 UserProfileEntity 時如何設置角色。 我的 role_id 外鍵應該只取一個整數並從 Role 表返回角色,但我不確定在實例化時如何表達。 我在角色表中有一個 ROLE_USER,id 為 1,我覺得這很容易實例化,但我找不到我正在尋找的答案。
用戶實現:
@Service
public class UserProfileServiceImpl implements UserProfileService{
@Autowired
private UserProfileDao userDao;
@Override
public UserProfileEntity findByUser(String username) {
return userDao.findByUsername(username);
}
@Override
public List<UserProfileEntity> findAll() {
List<UserProfileEntity> list = userDao.findAll();
return list;
}
@Override
public UserProfileEntity save(UserProfileEntity persisted) {
userDao.save(persisted);
return null;
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
UserProfileEntity user = userDao.findByUsername(username);
if (user == null) {
throw new UsernameNotFoundException("User not found.");
}
return user;
}
}
您需要一些存儲庫方法來按名稱獲取用戶角色:
RoleEntity roleEntity = roleEntityRepository.findByName("ROLE_USER");
然后在持久化之前將該RoleEntity
設置為UserProfileEntity
:
UserProfileEntity userProfileEntity = new UserProfileEntity();
userProfileEntity.setRoleEntity(roleEntity);
userService.save(userProfileEntity);
您還想要的是不擴展您的UserProfileEntity
。 對於 Spring Security,您需要UserDetailsService
實現:
@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
UserProfileEntity userProfileEntity = userRepository.findByUsername(username);
if (userProfileEntity == null) {
throw new UsernameNotFoundException("Non existing user!");
}
return new org.springframework.security.core.userdetails.User(userProfileEntity.getUsername(),
userProfileEntity.getPassword(),
Arrays.asList(new SimpleGrantedAuthority(userByUsername.getRoleEntity().getName())));
}
}
但是,我看到您的要求非常簡單 - 每個用戶一個角色。 因此,您的RoleEntity
可能只是一個具有預定義角色的枚舉:
public enum RoleEntity {
ROLE_USER
}
在UserProfileEntity
您可以像這樣使用它:
public class UserProfileEntity {
@Enumerated(EnumType.STRING)
private RoleEntity roleEntity;
}
使用角色持久化用戶:
UserProfileEntity userProfileEntity = new UserProfileEntity();
userProfileEntity.setRoleEntity(RoleEntity.USER);
userService.save(userProfileEntity);
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.