我的应用程序需要我为单个用户定义多个角色。
我已阅读Spring security with database and multiple roles?。
我们为什么要实现自己的UserDetails?现有的包含
Collection getAuthorities();
还有哪些参考或教程我可以为单个用户实现多个角色?
答案 0 :(得分:2)
您所引用的帖子的已接受答案对我来说似乎不正确。您不必为此创建自己的UserDetailsService
实现。已支持多个角色。见JdbcDaoImpl。您必须确保authoritiesByUsernameQuery
与您的数据库设置匹配。默认情况下,其值为select username,authority from authorities where username = ?
。此查询由加载所有权限的loadUserAuthorities
方法执行。
答案 1 :(得分:0)
如果有人对逗号分隔的权限的自定义UserDetailsService感兴趣:
@Component
public class MyUserDetailsService implements UserDetailsService {
@Resource
private AccountService accounts;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
Account account = accounts.findByUsername(username);
if(null == account) {
throw new UsernameNotFoundException("User " + username + " not found.");
}
List<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>();
String[] authStrings = account.getAuthorities().split(", ");
for(String authString : authStrings) {
authorities.add(new SimpleGrantedAuthority(authString));
}
UserDetails ud = new User(account.getUsername(), account.getPassword(), authorities);
return ud;
}
}
现在你可以在db中找到类似的东西:
+----+-----------------------+----------+----------+
| id | authorities | password | username |
+----+-----------------------+----------+----------+
| 1 | ROLE_ADMIN | 123qwe | markm |
| 2 | ROLE_ADMIN, ROLE_USER | 123qwe | kemika |
+----+-----------------------+----------+----------+
答案 2 :(得分:0)
Spring Security支持多于一个的角色开箱即用!
因此,为了节省大家很多时间:
一个人必须为同一用户插入多个条目: 那是在MySQL Workbench中,带有MySQL 5.7.24 还有其他环境-如果您想知道哪个版本可以重现该结果:
<!-- Inherit defaults from Spring Boot -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.1.RELEASE</version>
</parent>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- optional, it brings useful tags to display spring security stuff -->
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
</dependency>
以下是用于显示和验证已登录帐户权限的示例代码:
<div data-layout-fragment="content" class="content">
<div class="row mt-4">
<div class="col-md-12">
<h2>Show Authorities Glance</h2>
<div class="card">
<div class="card-body">
Logged user: <span data-sec-authentication="name">Bob</span>
Roles: <span data-sec-authentication="principal.authorities">[ROLE_USER, ROLE_ADMIN]</span>
<div data-sec-authorize="isAuthenticated()">
This content is only shown to authenticated users.
</div>
<div data-sec-authorize="hasRole('ROLE_USER')">
This content is only shown to ROLE_USER.
</div>
<div data-sec-authorize="hasRole('ROLE_EMPLOYEE')">
This content is only shown to ROLE_EMPLOYEE.
</div>
<div data-sec-authorize="hasRole('ROLE_FOUNDER')">
This content is only shown to ROLE_FOUNDER.
</div>
<div data-sec-authorize="hasRole('ROLE_ADMIN')">
This content is only shown to ROLE_ADMIN.
</div>
</div>
</div>
</div>
</div>
</div>
<!--<p>-->
<!--<a data-th-href="@{/add-authority}">Add a new authority</a>-->
<!--</p>-->
</div>
哦,这最后一个视图包含百里香叶,不仅包含标准百里香,还包含布局方言。万一您想尝试一下,也需要此依赖项:
<dependency>
<groupId>nz.net.ultraq.thymeleaf</groupId>
<artifactId>thymeleaf-layout-dialect</artifactId>
</dependency>
或者使用布局片段标签:
data-layout-fragment="content"