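【Posted】: 2016-09-08 10:42:17
【Question】:
I want to create my own 'User' entity to log in to the application.
What I would like to know is whether this is possible and, if so, where I should take precautions, which points I should consider, and which files I need to modify.
【Question discussion】:
Tags: angularjs spring-security spring-boot jhipster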
You can create a user service that extends UserDetailsService and then create your UserDetail object.
It should be similar to this.
Create your user class:
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

public class MyUserDetails implements UserDetails {
    private UserEntity user;
    private List<GrantedAuthority> authorities;
    /**
     * Constructor
     */
    public MyUserDetails(UserEntity user) {
        this.user = user;
        // The entity's single role becomes the user's only granted authority.
        this.authorities = Arrays.asList(new SimpleGrantedAuthority(user.getRole().name()));
    }
    /* (non-Javadoc)
     * @see org.springframework.security.core.userdetails.UserDetails#getAuthorities()
     */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorities;
    }
    /* (non-Javadoc)
     * @see org.springframework.security.core.userdetails.UserDetails#getPassword()
     */
    @Override
    public String getPassword() {
        return user.getPassword();
    }
    /* (non-Javadoc)
     * @see org.springframework.security.core.userdetails.UserDetails#getUsername()
     */
    @Override
    public String getUsername() {
        // The e-mail address is used as the login name.
        return user.getEmail();
    }
    /* (non-Javadoc)
     * @see org.springframework.security.core.userdetails.UserDetails#isAccountNonExpired()
     */
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }
    /* (non-Javadoc)
     * @see org.springframework.security.core.userdetails.UserDetails#isAccountNonLocked()
     */
    @Override
    public boolean isAccountNonLocked() {
        return !user.isLocked();
    }
    /* (non-Javadoc)
     * @see org.springframework.security.core.userdetails.UserDetails#isCredentialsNonExpired()
     */
    @Override
    public boolean isCredentialsNonExpired() {
        return !user.isExpired();
    }
    /* (non-Javadoc)
     * @see org.springframework.security.core.userdetails.UserDetails#isEnabled()
     */
    @Override
    public boolean isEnabled() {
        return user.isEnabled();
    }
    /**
     * @return the user
     */
    public UserEntity getUser() {
        return user;
    }
    /**
     * @param user the user to set
     */
    public void setUser(UserEntity user) {
        this.user = user;
    }
}
Then you should create your UserDetailsService:
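import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service
public class MyUserDetailsService implements UserDetailsService {
    private static final Logger LOGGER = LoggerFactory.getLogger(MyUserDetailsService.class);
    @Autowired
    private UserRepository userRepo;
    /*
     * (non-Javadoc)
     * @see org.springframework.security.core.userdetails.UserDetailsService#loadUserByUsername(java.lang.String)
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // The login name is the user's e-mail address (see MyUserDetails#getUsername()).
        UserEntity user = userRepo.findByEmail(username);
        if (user == null) {
            LOGGER.warn("User {} does not exist in our database", username);
            throw new UsernameNotFoundException("User not found.");
        }
        return new MyUserDetails(user);
    }
}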
Finally, you should add the Spring Security configuration to use your service:
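import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private MyUserDetailsService userDetailsService;
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Register the custom service; submitted passwords are matched against stored MD5 hashes.
        auth.userDetailsService(userDetailsService).passwordEncoder(new Md5PasswordEncoder());
    }
}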
【Discussion】:
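The configuration in the answer above matches passwords with Md5PasswordEncoder; MD5 is fast and, as configured there, unsalted, which makes it a weak choice for stored passwords. The following is an added example, not part of the original answer: it assumes Spring Security 5.1 or later (where Md5PasswordEncoder no longer exists), existing rows holding unsalted hex MD5, and a hypothetical class name PasswordEncoderMigration, and it shows an encoder that still verifies the old rows while re-hashing them with bcrypt at login.

```java
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.MessageDigestPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example (not from the answer). Assumes spring-security-crypto 5.1+ on the classpath
// and that legacy rows hold unsalted hex MD5, as Md5PasswordEncoder without a salt writes them.
public class PasswordEncoderMigration {

    /** Encoder to hand to passwordEncoder(...) in place of new Md5PasswordEncoder(). */
    @SuppressWarnings("deprecation") // MessageDigestPasswordEncoder is kept only to verify old rows
    static PasswordEncoder migratingEncoder() {
        Map<String, PasswordEncoder> encoders = new HashMap<>();
        encoders.put("bcrypt", new BCryptPasswordEncoder());
        // New hashes are written as "{bcrypt}<hash>".
        DelegatingPasswordEncoder encoder = new DelegatingPasswordEncoder("bcrypt", encoders);
        // Stored values without an {id} prefix are checked as legacy MD5.
        encoder.setDefaultPasswordEncoderForMatches(new MessageDigestPasswordEncoder("MD5"));
        return encoder;
    }

    /** Verifies a login and returns the value to store afterwards (re-hashed if it was legacy). */
    static String verifyAndUpgrade(PasswordEncoder encoder, String raw, String stored) {
        if (!encoder.matches(raw, stored)) {
            throw new IllegalArgumentException("bad credentials");
        }
        return encoder.upgradeEncoding(stored) ? encoder.encode(raw) : stored;
    }

    public static void main(String[] args) {
        PasswordEncoder encoder = migratingEncoder();
        // Constructed sample row: unsalted hex MD5 of the string "password".
        String legacy = "5f4dcc3b5aa765d61d8327deb882cf99";

        String upgraded = verifyAndUpgrade(encoder, "password", legacy);
        System.out.println("legacy row upgraded to bcrypt: " + upgraded.startsWith("{bcrypt}$2"));
        System.out.println("upgraded row still verifies:   " + encoder.matches("password", upgraded));
        System.out.println("needs another upgrade:         " + encoder.upgradeEncoding(upgraded));
        System.out.println("wrong password rejected:       " + !encoder.matches("letmein", upgraded));
    }
}
```

The value returned by migratingEncoder() is what would be passed to passwordEncoder(...) in SecurityConfig, and the string returned by verifyAndUpgrade is what gets written back to the user row.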
You need to create a user class by implementing UserDetailsService like this
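import java.util.ArrayList;
import java.util.Collection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

// Class header reconstructed: the bean name matches user-service-ref in the XML; class name and DAO type are assumed.
@Service("authService")
public class AuthService implements UserDetailsService {
    @Autowired
    private MyUserDao userDao;

    @Transactional
    @Override
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException {
        MyUser details = userDao.getUser(username);
        Collection<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>();
        SimpleGrantedAuthority userAuthority = new SimpleGrantedAuthority(
                "ROLE_USER");
        SimpleGrantedAuthority adminAuthority = new SimpleGrantedAuthority(
                "ROLE_ADMIN");
        // Admins receive both roles; any other role value gets no authority.
        if (details.getRole().equals("user"))
            authorities.add(userAuthority);
        else if (details.getRole().equals("admin")) {
            authorities.add(userAuthority);
            authorities.add(adminAuthority);
        }
        UserDetails user = new User(details.getUsername(),
                details.getPassword(), true, true, true, true, authorities);
        return user;
    }
}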
Then configure Spring to use your custom user object... like
<authentication-manager>
    <authentication-provider user-service-ref="authService">
    </authentication-provider>
</authentication-manager>
A complete example can be found at Spring Custom User with DAO and Entity
【Discussion】: