spring 安全定义用户注册 ROLE_USER
spring security defining user registration with ROLE_USER
我正在 Spring MVC 4 中使用 Hibernate 和 [=29= 创建一个项目] 安全。在这个项目中,我有 3 个角色:ROLE_USER、ROLE_COMPANY 和 ROLE_ADMIN。
用户将像常规注册站点一样注册,但我对如何通过注册过程在数据库中保存新用户感到困惑,如何保存由 [=29= 定义的新用户和数据库] 安全性 以及如何使用休眠获取该信息。
谢谢。
您的 User class 会实现 UserDetails,它具有一个或多个权限。例如:
用户
@Entity
@Table(name = "User")
public class User implements UserDetails {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private Long id;
@NotNull
private String username;
@NotNull
private String password;
@OneToMany(cascade = CascadeType.ALL, mappedBy = "user", fetch = FetchType.EAGER, orphanRemoval = true)
private Set<UserAuthority> authorities;
//helper method to set roles for this user
public void grantRole(UserRole role) {
if (authorities == null) {
authorities = new HashSet<UserAuthority>();
}
authorities.add(role.asAuthorityFor(this));
}
//overrides, getters, setters
}
用户权限
@Entity
@IdClass(UserAuthority.class)
public class UserAuthority implements GrantedAuthority {
@NotNull
@ManyToOne(fetch = FetchType.LAZY)
@JsonIgnore
@Id
private User user;
@NotNull
@Id
private String authority;
//overrides, getters, setters
}
用户角色
public enum UserRole {
USER, COMPANY, ADMIN;
}
创建用户时:
User user = new User();
user.grantRole(UserRole.USER);
repository.save(user);
至于身份验证,您需要实施 UserDetailsService 从存储库中加载用户
UserDetailsService 实现
@Service
public class UserDetailsService implements org.springframework.security.core.userdetails.UserDetailsService {
@Autowired
private UserRepository repository;
private final AccountStatusUserDetailsChecker detailsChecker = new AccountStatusUserDetailsChecker();
@Override
public final User loadUserByUsername(String username) throws UsernameNotFoundException {
final User user = repository.findByUsername(username);
if (user == null) {
throw new UsernameNotFoundException("User not found");
}
detailsChecker.check(user);
return user;
}
}
现在在您的安全配置中,您只需使用 UserDetailsService
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected UserDetailsService userDetailsService() {
return userDetailsService;
}
如何获取数据由您决定,我会为此使用 Spring Data JPA。
我正在 Spring MVC 4 中使用 Hibernate 和 [=29= 创建一个项目] 安全。在这个项目中,我有 3 个角色:ROLE_USER、ROLE_COMPANY 和 ROLE_ADMIN。
用户将像常规注册站点一样注册,但我对如何通过注册过程在数据库中保存新用户感到困惑,如何保存由 [=29= 定义的新用户和数据库] 安全性 以及如何使用休眠获取该信息。
谢谢。
您的 User class 会实现 UserDetails,它具有一个或多个权限。例如:
用户
@Entity
@Table(name = "User")
public class User implements UserDetails {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private Long id;
@NotNull
private String username;
@NotNull
private String password;
@OneToMany(cascade = CascadeType.ALL, mappedBy = "user", fetch = FetchType.EAGER, orphanRemoval = true)
private Set<UserAuthority> authorities;
//helper method to set roles for this user
public void grantRole(UserRole role) {
if (authorities == null) {
authorities = new HashSet<UserAuthority>();
}
authorities.add(role.asAuthorityFor(this));
}
//overrides, getters, setters
}
用户权限
@Entity
@IdClass(UserAuthority.class)
public class UserAuthority implements GrantedAuthority {
@NotNull
@ManyToOne(fetch = FetchType.LAZY)
@JsonIgnore
@Id
private User user;
@NotNull
@Id
private String authority;
//overrides, getters, setters
}
用户角色
public enum UserRole {
USER, COMPANY, ADMIN;
}
创建用户时:
User user = new User();
user.grantRole(UserRole.USER);
repository.save(user);
至于身份验证,您需要实施 UserDetailsService 从存储库中加载用户
UserDetailsService 实现
@Service
public class UserDetailsService implements org.springframework.security.core.userdetails.UserDetailsService {
@Autowired
private UserRepository repository;
private final AccountStatusUserDetailsChecker detailsChecker = new AccountStatusUserDetailsChecker();
@Override
public final User loadUserByUsername(String username) throws UsernameNotFoundException {
final User user = repository.findByUsername(username);
if (user == null) {
throw new UsernameNotFoundException("User not found");
}
detailsChecker.check(user);
return user;
}
}
现在在您的安全配置中,您只需使用 UserDetailsService
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected UserDetailsService userDetailsService() {
return userDetailsService;
}
如何获取数据由您决定,我会为此使用 Spring Data JPA。