Spring安全性:单个用户的多个角色

时间:2011-04-11 10:12:18

标签: spring-security

我的应用程序需要我为单个用户定义多个角色。

我已阅读Spring security with database and multiple roles?

我们为什么要实现自己的UserDetails?现有的包含

Collection getAuthorities();

还有哪些参考或教程我可以为单个用户实现多个角色?

3 个答案:

答案 0 :(得分:2)

您所引用的帖子的已接受答案对我来说似乎不正确。您不必为此创建自己的UserDetailsService实现。已支持多个角色。见JdbcDaoImpl。您必须确保authoritiesByUsernameQuery与您的数据库设置匹配。默认情况下,其值为select username,authority from authorities where username = ?。此查询由加载所有权限的loadUserAuthorities方法执行。

答案 1 :(得分:0)

如果有人对逗号分隔的权限的自定义UserDetailsS​​ervice感兴趣:

@Component
public class MyUserDetailsService implements UserDetailsService {

    @Resource
    private AccountService accounts;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

        Account account = accounts.findByUsername(username);
        if(null == account) {
            throw new UsernameNotFoundException("User " + username + " not found.");
        }

        List<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>();
        String[] authStrings = account.getAuthorities().split(", ");
        for(String authString : authStrings) {
            authorities.add(new SimpleGrantedAuthority(authString));
        }

        UserDetails ud = new User(account.getUsername(), account.getPassword(), authorities);
        return ud;
    }

}

现在你可以在db中找到类似的东西:

+----+-----------------------+----------+----------+
| id | authorities           | password | username |
+----+-----------------------+----------+----------+
|  1 | ROLE_ADMIN            | 123qwe   | markm    |
|  2 | ROLE_ADMIN, ROLE_USER | 123qwe   | kemika   |
+----+-----------------------+----------+----------+

答案 2 :(得分:0)

Spring Security支持多于一个的角色开箱即用!

因此,为了节省大家很多时间:

一个人必须为同一用户插入多个条目: enter image description here 那是在MySQL Workbench中,带有MySQL 5.7.24 还有其他环境-如果您想知道哪个版本可以重现该结果:

    <!-- Inherit defaults from Spring Boot -->
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.1.RELEASE</version>
    </parent>
<dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <!-- optional, it brings useful tags to display spring security stuff -->
        <dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-springsecurity5</artifactId>
        </dependency>

然后验证我是否创建了此页面,并: enter image description here

以下是用于显示和验证已登录帐户权限的示例代码:

<div data-layout-fragment="content" class="content">
    <div class="row mt-4">
    <div class="col-md-12">
        <h2>Show Authorities Glance</h2>
        <div class="card">
        <div class="card-body">
            Logged user: <span data-sec-authentication="name">Bob</span>
            Roles: <span data-sec-authentication="principal.authorities">[ROLE_USER, ROLE_ADMIN]</span>
            <div data-sec-authorize="isAuthenticated()">
            This content is only shown to authenticated users.
            </div>
            <div data-sec-authorize="hasRole('ROLE_USER')">
            This content is only shown to ROLE_USER.
            </div>
            <div data-sec-authorize="hasRole('ROLE_EMPLOYEE')">
            This content is only shown to ROLE_EMPLOYEE.
            </div>
            <div data-sec-authorize="hasRole('ROLE_FOUNDER')">
            This content is only shown to ROLE_FOUNDER.
            </div>
            <div data-sec-authorize="hasRole('ROLE_ADMIN')">
            This content is only shown to ROLE_ADMIN.
            </div>
        </div>
        </div>
    </div>
    </div>
</div>
<!--<p>-->
    <!--<a data-th-href="@{/add-authority}">Add a new authority</a>-->
<!--</p>-->
</div>

哦,这最后一个视图包含百里香叶,不仅包含标准百里香,还包含布局方言。万一您想尝试一下,也需要此依赖项:

<dependency>
    <groupId>nz.net.ultraq.thymeleaf</groupId>
    <artifactId>thymeleaf-layout-dialect</artifactId>
</dependency>

或者使用布局片段标签:

data-layout-fragment="content"