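My application requires me to define multiple roles for a single user.
I have read "Spring security with database and multiple roles?".
Why should we implement our own UserDetails? The existing one contains

    Collection getAuthorities();

Also, is there any reference or tutorial that I can follow to implement multiple roles for a single user?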
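
The accepted answer of the post you referenced does not seem correct to me. You do not have to create your own UserDetailsService implementation for this. Multiple roles are already supported. See JdbcDaoImpl. You have to make sure that the authoritiesByUsernameQuery matches your database setup. By default, its value is select username,authority from authorities where username = ?. This query is executed by the loadUserAuthorities method, which loads all authorities.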

If anyone is interested in a custom UserDetailsService for comma-separated authorities:

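    import java.util.ArrayList;
    import java.util.List;

    import javax.annotation.Resource;

    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    import org.springframework.stereotype.Component;

    // Account and AccountService are the application's own classes.
    @Component
    public class MyUserDetailsService implements UserDetailsService {

        @Resource
        private AccountService accounts;

        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            Account account = accounts.findByUsername(username);
            if (null == account) {
                throw new UsernameNotFoundException("User " + username + " not found.");
            }

            // The authorities column holds a ", "-separated list such as "ROLE_ADMIN, ROLE_USER".
            List<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>();
            String[] authStrings = account.getAuthorities().split(", ");
            for (String authString : authStrings) {
                authorities.add(new SimpleGrantedAuthority(authString));
            }

            UserDetails ud = new User(account.getUsername(), account.getPassword(), authorities);
            return ud;
        }
    }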

Now you can have something like this in the db:

    +----+-----------------------+----------+----------+
    | id | authorities           | password | username |
    +----+-----------------------+----------+----------+
    |  1 | ROLE_ADMIN            | 123qwe   | markm    |
    |  2 | ROLE_ADMIN, ROLE_USER | 123qwe   | kemika   |
    +----+-----------------------+----------+----------+
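
Spring Security supports multiple roles out of the box!
So, to save everyone a lot of time:
You have to insert multiple entries for the same user:
That was in MySQL Workbench, MySQL 5.7.24. The rest of the environment, in case you are wondering which versions reproduce that result:
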
    <!-- Inherit defaults from Spring Boot -->
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.1.RELEASE</version>
    </parent>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <!-- optional, it brings useful tags to display spring security stuff -->
        <dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-springsecurity5</artifactId>
        </dependency>
    </dependencies>

Here is sample code that displays and verifies the logged-in account's authorities:

    <div data-layout-fragment="content" class="content">
        <div class="row mt-4">
            <div class="col-md-12">
                <h2>Show Authorities Glance</h2>
                <div class="card">
                    <div class="card-body">
                        Logged user: <span data-sec-authentication="name">Bob</span>
                        Roles: <span data-sec-authentication="principal.authorities">[ROLE_USER, ROLE_ADMIN]</span>
                        <div data-sec-authorize="isAuthenticated()">
                            This content is only shown to authenticated users.
                        </div>
                        <div data-sec-authorize="hasRole('ROLE_USER')">
                            This content is only shown to ROLE_USER.
                        </div>
                        <div data-sec-authorize="hasRole('ROLE_EMPLOYEE')">
                            This content is only shown to ROLE_EMPLOYEE.
                        </div>
                        <div data-sec-authorize="hasRole('ROLE_FOUNDER')">
                            This content is only shown to ROLE_FOUNDER.
                        </div>
                        <div data-sec-authorize="hasRole('ROLE_ADMIN')">
                            This content is only shown to ROLE_ADMIN.
                        </div>
                    </div>
                </div>
            </div>
        </div>
        <!--<p>-->
        <!--<a data-th-href="@{/add-authority}">Add a new authority</a>-->
        <!--</p>-->
    </div>
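
Oh, this last view uses Thymeleaf, and not only the standard dialect but also the layout dialect. In case you want to try it out, you need this dependency as well:
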
    <dependency>
        <groupId>nz.net.ultraq.thymeleaf</groupId>
        <artifactId>thymeleaf-layout-dialect</artifactId>
    </dependency>

Or get rid of the layout fragment tag:

    data-layout-fragment="content"
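
The one-row-per-role setup that the answers above describe (JdbcDaoImpl's authoritiesByUsernameQuery, and multiple entries for the same user), as an added example that is not part of the original posts. The class name, the users/authorities schema, the sample rows and the BCrypt encoder are assumptions; it targets the Spring Boot 2.1.1 / Spring Security 5 versions named above.

```java
import javax.sql.DataSource;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

/*
 * Assumed schema (Spring Security's default layout), one authorities row per role:
 *
 *   users(username, password, enabled)      -- password holds a BCrypt hash
 *   authorities(username, authority)
 *
 * Constructed sample rows giving one user two roles:
 *   insert into authorities (username, authority) values ('kemika', 'ROLE_ADMIN');
 *   insert into authorities (username, authority) values ('kemika', 'ROLE_USER');
 */
@Configuration
@EnableWebSecurity
public class JdbcMultiRoleSecurityConfig extends WebSecurityConfigurerAdapter {

    private final DataSource dataSource;

    public JdbcMultiRoleSecurityConfig(DataSource dataSource) {
        this.dataSource = dataSource;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        // Stored passwords are compared as BCrypt hashes, never as plain text.
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Every row returned by the authorities query becomes one GrantedAuthority,
        // so no custom UserDetailsService is needed for multiple roles.
        auth.jdbcAuthentication()
            .dataSource(dataSource)
            .usersByUsernameQuery(
                "select username,password,enabled from users where username = ?")
            .authoritiesByUsernameQuery(
                "select username,authority from authorities where username = ?")
            .passwordEncoder(passwordEncoder());
    }
}
```

If your tables or columns are named differently, change the two queries to match while keeping the same column order.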