那些遇到过的问题

Spring Security/Spring Boot - 如何为用户设置ROLES

Les*_*ter 9 java spring spring-mvc spring-security spring-boot

当我使用安全性登录时,我无法使用该request.isUserInRole()方法.我认为没有设置用户的角色.

这是我的安全配置:

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled=true)
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)
public class SecurityConfig extends WebSecurityConfigurerAdapter  {

@Autowired
private DataSource dataSource;

@Autowired
private UserDetailsServiceImplementation userDetailsService;

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
            .authorizeRequests()
            .antMatchers("/signup").permitAll()
            .antMatchers("/").permitAll()
            //.antMatchers("/first").hasAuthority("Service_Center")
            .antMatchers("/login").permitAll()
            .anyRequest().fullyAuthenticated()
    .and().formLogin()
            .loginPage("/login")
            .usernameParameter("email")
            .passwordParameter("password")
            .defaultSuccessUrl("/default")
            .failureUrl("/login?error").permitAll()
    .and().logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/login?logout")
            .deleteCookies("JSESSIONID")
            .invalidateHttpSession(true).permitAll();
}

@Autowired
public void configAuthentication(AuthenticationManagerBuilder auth)
        throws Exception {
    auth.userDetailsService(userDetailsService);

}

}
Run Code Online (Sandbox Code Playgroud)

这是我的User实体:

 @Entity
 @Table(name="user")
 public class User  implements Serializable{
/**
 * 
 */
private static final long serialVersionUID = 1L;

@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name="user_id")
private Long userID;

@Column(name="email_address", nullable = false, unique = true)
private String emailAddress;

@Column(name="password")
private String password;

@Column(name = "role", nullable = false)
@Enumerated(EnumType.STRING)
private Role role;

public User() {
    super();
}

public User(String emailAddress, String password) {
    this.emailAddress = emailAddress;
    this.password = password;
}

public Long getUserID() {
    return userID;
}

public void setUserID(Long userID) {
    this.userID = userID;
}

public String getEmailAddress() {
    return emailAddress;
}

public void setEmailAddress(String emailAddress) {
    this.emailAddress = emailAddress;
}

public String getPassword() {
    return password;
}

public void setPassword(String password) {
    this.password = password;
}

public Role getRole() {
    return role;
}

public void setRole(Role role) {
    this.role = role;
}

@Override
public String toString() {
    return "User [userID=" + userID + ", emailAddress=" + emailAddress
            + ", password=" + password + ", role=" + role + "]";
}

public UserDetails toCurrentUserDetails() {
    return CurrentUserDetails.create(this);
}
}
Run Code Online (Sandbox Code Playgroud)

这是我的枚举Role:

public enum Role {

Fleet_Company, Service_Center, Admin

}
Run Code Online (Sandbox Code Playgroud)

这是我的UserDetailsServiceImplementation:

@Component
public class UserDetailsServiceImplementation implements UserDetailsService    {

@Autowired
private UserRepository userRepository;

@Override
public UserDetails loadUserByUsername(String username)
        throws UsernameNotFoundException {
    if ( username == null || username.isEmpty() ){
        throw new UsernameNotFoundException("username is empty");
    }

    User foundUser = userRepository.findByEmailAddress(username);
    if( foundUser != null ){
        System.out.println("FOUND");
        return foundUser.toCurrentUserDetails();

    }
    throw new UsernameNotFoundException( username + "is not found");
}
}
Run Code Online (Sandbox Code Playgroud)

这是实现的类UserDetails:

public class CurrentUserDetails implements UserDetails {
private Long userID;
private String emailAddress;
private String password;
private Role role;


public CurrentUserDetails(Long userID, String emailAddress, String password, Role role) {
    super();
    this.userID = userID;
    this.emailAddress = emailAddress;
    this.password = password;
    this.role = role;
}


  /*    public static UserDetails create(Users entity) {
    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
    for(Authorities auth: entity.getAuthorities()){
        authorities.add(new SimpleGrantedAuthority(auth.getId().getAuthority()));
    }
    return new MyUserDetail(entity.getUserId(), entity.getLoginId(), entity.getPassword(), entity.getDisplayName(), authorities);
}*/



public Long getUserID(){
    return this.userID;
}


public Role getRole(){
    return this.role;
}




@Override
public String getPassword() {
    return this.password;
}


public String getEmailAddress() {
    return this.emailAddress;
}


@Override
public boolean isAccountNonExpired() {
    return true;
}

@Override
public boolean isAccountNonLocked() {
    return true;
}


@Override
public boolean isCredentialsNonExpired() {
    return true;
}


@Override
public boolean isEnabled() {
    return true;
}

public static UserDetails create(User entity) {
    System.out.println(entity.getUserID()+ entity.getEmailAddress()+ entity.getPassword()+ entity.getRole());
    return new CurrentUserDetails(entity.getUserID(), entity.getEmailAddress(), entity.getPassword(), entity.getRole());
}

@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
    // TODO Auto-generated method stub
    return null;
}

@Override
public String getUsername() {
    // TODO Auto-generated method stub
    return null;
}
}
Run Code Online (Sandbox Code Playgroud)

所以基本上,我们可以看到我的MySQL数据库上只有一个表,它有四列,其中一列是"角色".

但就像我说的那样,当我使用时request.isUserInRole("Service_Center"),它返回FALSE.而且.antMatchers("/first").hasAuthority("Service_Center")也不起作用.

Div*_*nto 11

在创建UserDetails时,您应该自己填写角色的内容:

public class SecurityUser implements UserDetails{
    String ROLE_PREFIX = "ROLE_";

    String userName;
    String password;
    String role;

    public SecurityUser(String username, String password, String role){
        this.userName = username;
        this.password = password;
        this.role = role;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        List<GrantedAuthority> list = new ArrayList<GrantedAuthority>();

        list.add(new SimpleGrantedAuthority(ROLE_PREFIX + role));

        return list;
    }
Run Code Online (Sandbox Code Playgroud)

基本上,您需要做的是覆盖方法:getAuthorities,并将您的角色字段的内容填入GrantedAuthority列表中.

  • 在getAuthorities方法上添加新角色?看来这不是一个好主意...您应该使用`SecurityContextHolder`并在单独的服务中进行操作。 (2认同)

归档时间:

查看次数:

46274 次

最近记录:

7 年,1 月 前
Spring Security中角色与GrantedAuthority的区别 209
更多相关链接
相关归档
如何设置JDK Netbeans运行? 203
Java的"Parallel.For"? 71
如何在Java中使用方法参数来实现多个接口? 52
在Android上简单导出和导入SQLite数据库 48
使用/从 Springfox 迁移到 springdoc-openapi 有什么优势吗? 21
如何强制spring容器不返回bean的单例实例? 18
HikariPool-1 - 无法验证连接 org.postgresql.jdbc.PgConnection@2a84e649(此连接已关闭。) 6
使用作业存储“org.quartz.simpl.RAMJobStore” - 不支持持久性。并且不聚集 5
Spring Boot 2 Actuator (2.0.1-RELEASE) - 请求和响应主体 5
如何在Liferay 6.1中以编程方式设置"链接到页面"布局? 2
难疑归档
如果我有jQuery背景,"在AngularJS中思考"? 4518
你如何创建一个远程Git分支? 3030
自制安装特定版本的公式? 2072
在Python中获取列表的最后一个元素 1871
使用其名称(字符串)调用模块的函数 1580
Git push需要用户名和密码 1327
wait()和sleep()之间的区别 1158
如何在Vim中移动到行尾? 1140
visibility:hidden和display:none之间有什么区别? 1121
什么是在Vim中评论/取消注释行的快速方法? 1081