定义默认角色

时间:2016-04-26 11:33:03

标签: java spring spring-security roles

我在我的应用程序中使用spring MVC,spring security和hibernate。

点击注册表单上的提交时,我希望注册用户获得默认角色,即USER。

这是类securityConfiguration:

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

@Autowired
@Qualifier("customUserDetailsService")
UserDetailsService userDetailsService;

@Autowired
CustomSuccessHandler customSuccessHandler;


@Autowired
public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(userDetailsService);
}



@Override
protected void configure(HttpSecurity http) throws Exception {
  http.authorizeRequests()
    .antMatchers("/login", "/registration").permitAll()
    .antMatchers("/home/**").access("hasRole('USER')")
    .antMatchers("/admin/**").access("hasRole('ADMIN')")
    .antMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')")
    //.and().formLogin().loginPage("/login")
        .and().formLogin().loginPage("/login").successHandler(customSuccessHandler)
    .usernameParameter("ssoId").passwordParameter("password")
    .and().csrf()
    .and().exceptionHandling().accessDeniedPage("/Access_Denied");
 }

}

这是customUserDetailsS​​ervice:

@Service("customUserDetailsService")
public class CustomUserDetailsService implements UserDetailsService{

@Autowired
private UserService userService;

@Transactional(readOnly=true)
public UserDetails loadUserByUsername(String ssoId)
        throws UsernameNotFoundException {
    User user = userService.findBySso(ssoId);
    System.out.println("User : "+user);
    if(user==null){
        System.out.println("User not found");
        throw new UsernameNotFoundException("Username not found");
    }
        return new     org.springframework.security.core.userdetails.User(user.getSsoId(),   user.getPassword(), 
             user.getState().equals("Active"), true, true, true,   getGrantedAuthorities(user));
 }


private List<GrantedAuthority> getGrantedAuthorities(User user){
    List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();

    for(UserProfile userProfile : user.getUserProfiles()){
        System.out.println("UserProfile : "+userProfile);
        authorities.add(new SimpleGrantedAuthority("ROLE_"+userProfile.getType()));
    }
    System.out.print("authorities :"+authorities);
    return authorities;
 }

 }

请问,我该如何添加默认角色?

0 个答案:

没有答案
相关问题
最新问题