我目前正在使用Spring Boot在Java中开发Web应用程序。
我正在使用的应用程序:
目前我的数据库有一个用户和角色表。登录,注册和会话工作正常。
我在网站上创建了一个仅限管理员的页面。
我在为用户创建和使用角色时遇到问题。
我希望为数据库中的每个用户创建一个角色,并且能够使用它 在网站上。注册时的默认角色是" USER"和I. 能够手动将用户的角色更改为" ADMIN"在里面 MySQL管理员。
这是我的用户实体类:
@Entity
@Table(name = "user")
public class User extends Auditable {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name = "id")
private int id;
@Column(name = "email", nullable = false, unique = true)
@Email(message = "Please provide a valid e-mail")
@NotEmpty(message = "Please provide an e-mail")
private String email;
@Column(name = "password")
@Transient
private String password;
@Column(name = "first_name")
@NotEmpty(message = "Please provide your first name")
private String firstName;
@Column(name = "last_name")
@NotEmpty(message = "Please provide your last name")
private String lastName;
@Column(name = "enabled")
private boolean enabled;
@Column(name = "confirmation_token")
private String confirmationToken;
@OneToOne(mappedBy="user", cascade={CascadeType.ALL})
private Role role;
public User() {
}
public User(String firstName, String lastName, String email, String password, Role role) {
this.firstName = firstName;
this.lastName = lastName;
this.email = email;
this.password = password;
this.role = role;
}
/** Getters and setters */
}
这是我的角色实体:
@Entity(name="role")
public class Role {
@Id
private Long id;
@OneToOne
private User user;
private Integer role;
/** Getters and setters */
}
在UserService中按用户名加载:
@Override
public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
User user = userRepository.findByEmail(email);
if (user == null){
throw new UsernameNotFoundException("Invalid username or password.");
}
return new org.springframework.security.core.userdetails.User(user.getEmail(),
user.getPassword(), getAuthorities(user.getRole().getRole()));
}
但由于某种原因,这不起作用。它创造了"角色"数据库中的表,它有两行
id name
1 ROLE_USER
2 ADMIN
问题是,当我将用户保存到数据库时,我需要做什么才能为我正在保存的用户设置角色?目前,我的表中没有任何用户行具有角色列。 我怎样才能使其正常工作以便在我的securityconfig中有规则时使用
.hasRole("ADMIN")
它不允许没有该角色的用户访问?目前,当我尝试使用该规则访问该页面时,它始终返回我已配置的无访问权限页面。
答案 0 :(得分:1)
下面是我用于实现注册并将rolse分配给注册用户的代码。
1)User.java(@Entity)
@Entity
@Table(name = "users")
public class User {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private Long user_id;
private String username;
private String password;
private boolean active;
private String email;
// user roles
@ElementCollection(targetClass = Role.class, fetch = FetchType.EAGER)
@CollectionTable(name = "user_role", joinColumns = @JoinColumn(name = "user_id"))
@Enumerated(EnumType.STRING)
private Set<Role> roles;
// Constructors
private User() {}
public User(String username, String password, String email) {
this.username = username;
this.password = password;
this.email = email;
}
// if user is admin
public boolean isAdmin() {
return roles.contains(Role.ADMIN);
}
// Below you can generate getters & setters & toString method.
// Getter and setter for user roles
public Set<Role> getRoles() {
return roles;
}
public void setRoles(Set<Role> roles) {
this.roles = roles;
}
}
Role.java(枚举类型)
public enum Role {
USER,
ADMIN;
}
UserController.java(@Controller)
@Controller
public class UserController{
//login page
@GetMapping("/signin")
public String loginPage() {
return "frontend/login";
}
// registration page
@GetMapping("/signup")
public String signUpPage() {
return "frontend/registration";
}
// User Registration
@PostMapping("/signup")
public String addUser(User user, Map<String, Object> model) {
User userFromDB = userRepository.findByUsername(user.getUsername());
if(userFromDB !=null ) {
model.put("alreadyexists", "Username already exists!");
return "frontend/registration";
}
// Set user apssword (also you can implement BCrypt)
user.setPassword(user.getPassword());
// set user activa
user.setActive(true);
// assign Rolr USER to newly registered user
user.setRoles(Collections.singleton(Role.USER));
userRepository.save(user);
return "redirect:/profile";
}
}
WebsecurityConfig.java(春季安全性)
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/","/signup").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/signin").defaultSuccessUrl("/profile")
.permitAll()
.and()
.logout().logoutRequestMatcher(new AntPathRequestMatcher("/signout")).logoutSuccessUrl("/signin?bye")
.permitAll();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication()
.dataSource(dataSource)
.usersByUsernameQuery("SELECT username, password, active FROM users WHERE username=?")
.authoritiesByUsernameQuery("SELECT u.username, ur.roles FROM users u INNER JOIN user_role ur ON u.user_id = ur.user_id WHERE u.username=?");
}
}