1. 首页
  2. 问答
  3. Spring Security在注册时设置角色

Spring Security在注册时设置角色

2016-09-22 71 views
1

我是Spring安全新手,所以我遵循了一些教程,但我无法理解角色的结构如何真正起作用。我有两个表,一个是用户:Spring Security在注册时设置角色

 @Entity 
     @Table(name = "UserProfile", schema = "dbo", catalog = "DevTestTeam") 
     public class UserProfileEntity implements UserDetails{ 

      @Id 
      @GeneratedValue(strategy = GenerationType.IDENTITY) 
      @Column(name = "id", nullable = false) 
      private long id; 

      @Column(name = "enabled", nullable = false) 
      private boolean enabled; 

      @NotEmpty(message = "Enter a password.") 
      @Size(min = 6, max = 15, message = "Password must be between 6 and 15 characters.") 
      @Column(name = "password", nullable = true, length = 100) 
      private String password; 

      @NotEmpty(message = "Enter a username.") 
      @Size(min = 6, max = 20, message = "Username must be between 6 and 20 characters.") 
      @Column(name = "username", nullable = true, length = 20, unique = true) 
      private String username; 

      @OneToOne 
      @JoinColumn(name = "role_id") 
      private RoleEntity role; 

      public RoleEntity getRole() { 
       return role; 
      } 

      public void setRole(RoleEntity role) { 
       this.role = role; 
      } 

      @Override 
      public Collection<? extends GrantedAuthority> getAuthorities() { 
       List<GrantedAuthority> authorities = new ArrayList<>(); 
       authorities.add(new SimpleGrantedAuthority("ROLE_USER")); 
       return authorities; 
      }

,一个用于角色:创建一个新用户时

@Entity 
@Table(name = "Role", schema = "dbo", catalog = "DevTestTeam") 
public class RoleEntity { 

@Id 
@GeneratedValue(strategy = GenerationType.IDENTITY) 
@Column(name = "id", nullable = false) 
private long id; 

@Column(name = "name", nullable = true, length = 255) 
private String name; 

public long getId() { 
    return id; 
} 

public void setId(long id) { 
    this.id = id; 
} 

public String getName() { 
    return name; 
} 

public void setName(String name) { 
    this.name = name; 
}

我的困惑来了。我有一个由UserProfileEntity对象支持的注册表单,并填充了用户名和密码。然后显然很容易setEnabled()= true(为了清晰起见,我将一些getter/setter放在了这个代码之外)。

我的问题是如何在实例化UserProfileEntity时将角色设置为保存在数据库中。我的role_id外键只需要一个整数并从角色表中返回角色,但我不确定如何在实例化时表达这一点。我在角色表中有一个ROLE_USER,ID为1,我觉得这很容易实例化,但我找不到我要找的答案。

UserImpl:

@Service 
public class UserProfileServiceImpl implements UserProfileService{ 
@Autowired 
private UserProfileDao userDao; 

@Override 
public UserProfileEntity findByUser(String username) { 
    return userDao.findByUsername(username); 
} 

@Override 
public List<UserProfileEntity> findAll() { 
    List<UserProfileEntity> list = userDao.findAll(); 
    return list; 
} 

@Override 
public UserProfileEntity save(UserProfileEntity persisted) { 
    userDao.save(persisted); 
    return null; 
} 

@Override 
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { 
    UserProfileEntity user = userDao.findByUsername(username); 
    if (user == null) { 
     throw new UsernameNotFoundException("User not found."); 
    } 

    return user; 
}

}

来源

2016-09-22 Trevor Bye

回答

1

你需要一些方法库通过名称来获取用户角色:

RoleEntity roleEntity = roleEntityRepository.findByName("ROLE_USER");

然后设置RoleEntityUserProfileEntity之前坚持它:

UserProfileEntity userProfileEntity = new UserProfileEntity(); 
userProfileEntity.setRoleEntity(roleEntity); 
userService.save(userProfileEntity);

你还想要的是让你的UserProfileEntity没有延伸。对于春季安全,你需要UserDetailsService实现:

@Service("userDetailsService") 
public class UserDetailsServiceImpl implements UserDetailsService { 

    @Autowired 
    private UserRepository userRepository; 

    @Override 
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { 

     UserProfileEntity userProfileEntity = userRepository.findByUsername(username); 

     if (userProfileEntity == null) { 
      throw new UsernameNotFoundException("Non existing user!"); 
     } 

     return new org.springframework.security.core.userdetails.User(userProfileEntity.getUsername(), 
       userProfileEntity.getPassword(), 
       Arrays.asList(new SimpleGrantedAuthority(userByUsername.getRoleEntity().getName()))); 
    } 

}

不过,我看你的要求很简单 - 每个用户一个角色。因此,您的RoleEntity可能仅仅是与预定义角色枚举:

public enum RoleEntity { 
    ROLE_USER 
}

而且在UserProfileEntity你会使用这样的:

public class UserProfileEntity { 
    @Enumerated(EnumType.STRING) 
    private RoleEntity roleEntity; 
}

要与角色保持用户:

UserProfileEntity userProfileEntity = new UserProfileEntity(); 
userProfileEntity.setRoleEntity(RoleEntity.USER); 
userService.save(userProfileEntity);

来源

2016-09-22 14:53:10

+0

太棒了,谢谢你的建议和不同的选择。今天早上我会和他一起工作,看看我能想出什么。 –

+0

添加了我的Impl类供参考,看起来与您的建议非常相似。 –

+1

感谢您的帮助,我最终使用了您建议的第一种方法,并为我的RoleEntity制作了一个Dao。也感谢你解释你的答案,这个Spring安全性的世界非常深,但我现在明白了很多。 –

相关问题

 相关问题