Spring Security避免为角色创建表

时间:2016-02-25 21:27:02

标签: spring spring-mvc spring-security

我正在学习Spring Security。我准备好了登录系统,我想添加角色。我见过很多关于它的教程和文档,我找不到我想要的东西。

我不想为Roles创建额外的表,因为我的表用户有一个名为“type”的列,我想用它来进行授权。该列的值可以是“人”,“教师”或“组织”。所以,我想在该列上建立角色系统,而不是在与名为“role”的表的OneToMany或ManyToMany关系中。

我该如何配置?

由于

已更新

我忘记了,我正在使用Spring Data。这是我正在使用的代码

@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    private AuthenticationProvider authenticationProvider;

    @Autowired
    @Qualifier("daoAuthenticationProvider")
    public void setAuthenticationProvider(AuthenticationProvider authenticationProvider) {
        this.authenticationProvider = authenticationProvider;
    }

    @Bean
    public PasswordEncoder passwordEncoder(BCryptPasswordEncoder passwordEncoder){
        return passwordEncoder;
    }

    @Bean
    public DaoAuthenticationProvider daoAuthenticationProvider(BCryptPasswordEncoder passwordEncoder,
                                                               UserDetailsService userDetailsService){

        DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
        daoAuthenticationProvider.setPasswordEncoder(passwordEncoder);
        daoAuthenticationProvider.setUserDetailsService(userDetailsService);
        return daoAuthenticationProvider;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.csrf().ignoringAntMatchers("/h2-console").disable()
                .authorizeRequests().antMatchers("/").authenticated()
                .antMatchers("/console/**").permitAll()
                .antMatchers("/static/**").permitAll()
                .antMatchers("/profile").hasAuthority("PERSON")
                .and().formLogin().loginPage("/login").permitAll()
                .and().exceptionHandling().accessDeniedPage("/login")
                .and().logout().permitAll()

        http.headers().frameOptions().disable();
    }


    @Autowired
    public void configureAuthManager(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception{
        authenticationManagerBuilder
                .jdbcAuthentication().authoritiesByUsernameQuery("select type from users where username = ?").and()
                .authenticationProvider(authenticationProvider);
    }




}

1 个答案:

答案 0 :(得分:1)

您可以在Java Config中定义UserDetailsService PasswordEncoder,如下所示:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired private PersonRepository personRepository;

    @Override
    @Autowired
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .userDetailsService(username -> {
                    Person person = personRepository.findByUsername(username);
                    if (person == null) throw new UsernameNotFoundException("Invalid user");

                    return new User(person.getUsername(),
                            person.getPassword(),
                            Collections.singleton(new SimpleGrantedAuthority(person.getType())));
                })
                .passwordEncoder(passwordEncoder())
    }

    // Rest of the configuration
}

在上面的例子中,我猜你有PersonRespository可以访问你的用户信息。有了这个UserDetailsService,您将无法获得AuthenticationProvider。此外,User位于org.springframework.security.core.userdetails包中。

相关问题
最新问题