Spring Security 6与数据库中的用户进行身份验证和授权[已关闭]

64jmpszr  于 2024-01-05  发布在  Spring
关注(0)|答案(1)|浏览(129)

已关闭。此问题需要更多focused。目前不接受回答。
**要改进此问题吗?**更新此问题,使其仅针对editing this post的一个问题。

上个月关门了。
Improve this question
我有一个项目,如网上食品 Spring 订购系统平台,我使用Hibernate与两个模型,像这样:

  1. @Entity
  2. @Table(name = "users")
  3. public class User {
  4.     @Id
  5.     @GeneratedValue(strategy = GenerationType.IDENTITY)
  6.     private Long id;
  7.     
  8.     private String username;
  9.     private String password;
  10.     private String email;
  11.     private Long balance;
  12. }

个字符
我认为这个系统有三个角色:ROLE_SYSAADMIN,ROLE_ADMIN(食品商店),ROLE_CUSTOMER Users和UsersRole存储在数据库中。
如何使用Sping Boot 6为我的应用配置授权和身份验证?
我搜索并做了一些代码。首先,我写了一个自定义的UserDetailService像这样

  1. @Service
  2. public class HiruezUserDetailsService implements UserDetailsService {
  4.     private final UserRepository userRepository;
  5.     
  6.     public HiruezUserDetailsService(UserRepository userRepository) {
  7.         super();
  8.         this.userRepository = userRepository;
  9.     }
  11.     @Override
  12.     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
  13.         User user = userRepository.findByUsername(username)
  14.                 .orElseThrow(() -> new UsernameNotFoundException("User not found with username: " + username));
  15.         return new HiruezUserDetails(user);
  16.     }
  18. }


然后,自定义UserDetails,如:

  1. public class HiruezUserDetails implements UserDetails {
  2.     
  3.     /**
  4.      * 
  5.      */
  6.     private static final long serialVersionUID = 1L;
  7.     private final User user;
  9.     public HiruezUserDetails(User user) {
  10.         this.user = user;
  11.     }
  13.     @Override
  14.     public Collection<? extends GrantedAuthority> getAuthorities() {
  15.         return Collections.singleton(new SimpleGrantedAuthority("ROLE_" + user.getRole().getName()));
  16.     }
  18.     @Override
  19.     public String getPassword() {
  20.         return user.getPassword();
  21.     }
  23.     @Override
  24.     public String getUsername() {
  25.         return user.getUsername();
  26.     }
  28.     @Override
  29.     public boolean isAccountNonExpired() {
  30.         
  31.         return false;
  32.     }
  34.     @Override
  35.     public boolean isAccountNonLocked() {
  36.         
  37.         return false;
  38.     }
  40.     @Override
  41.     public boolean isCredentialsNonExpired() {
  42.         
  43.         return false;
  44.     }
  46.     @Override
  47.     public boolean isEnabled() {
  48.         
  49.         return false;
  50.     }
  52. }


最后一个是SecurityConfig.java像:

  1. @Configuration
  2. @EnableWebSecurity
  3. public class SecurityConfig {
  4.     @Autowired
  5.     private JdbcTemplate jdbcTemplate;
  6.     
  7.     @Autowired
  8.     private HiruezUserDetailsService hiruezUserDetailsService;
  9.     
  10.     @Bean
  11.     public PasswordEncoder passwordEncoder( ) {
  12.         return new BCryptPasswordEncoder();
  13.     }
  14.     
  15.     @Bean
  16.     public JdbcUserDetailsManager jdbcUserDetailManager() {
  17.         JdbcUserDetailsManager userDetailManager = new JdbcUserDetailsManager();
  18.         userDetailManager.setJdbcTemplate(jdbcTemplate);
  19.         return userDetailManager;
  20.     }
  21.     
  22.     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
  23.         auth
  24.             .userDetailsService(hiruezUserDetailsService)
  25.             .passwordEncoder(passwordEncoder());
  26.     }
  27.     
  28.     @Bean
  29.     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
  30.         http
  31.             .authorizeHttpRequests((authorize) -> authorize
  32.                 .requestMatchers("/admin/**").hasRole("SYSADMIN")
  33.                 .requestMatchers("/store/**").hasRole("ADMIN")
  34.                 .requestMatchers("/customer/**").hasRole("CUSTOMER")
  35.                 .anyRequest().authenticated()
  36.             )
  37.             .httpBasic(Customizer.withDefaults())
  38.             .formLogin(form -> form
  39.                     .loginPage("/login")
  40.                     .permitAll()
  41.                 )
  42.             .logout((logout) -> logout.logoutUrl("/logout"));
  44.         return http.build();
  45.     }
  46. }


但我工作....嗯
拜托,帮我修好或者给予我另一种方法。非常感谢。

spring

1条答案

按热度按时间
pnwntuvh

pnwntuvh1#

让我们看看如何解决这个问题

  • 使用管理员先前设置的新列roleId更新用户表实体
  1. @Entity
  2. @Data
  3. @Builder
  4. @NoArgsConstructor
  5. @AllArgsConstructor
  6. @Table(name = "users")
  7. public class User implements UserDetails {
  8.     @Id
  9.     @GeneratedValue(strategy = GenerationType.IDENTITY)
  10.     private Long id;
  12.     private String username;
  13.     private String password;
  14.     private String email;
  15.     private Long balance;
  17.     private Long roleId; // new field , this field will set when admin create user by selecting role
  19.     @Override
  20.     public Collection<? extends GrantedAuthority> getAuthorities() {
  22.         List<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>();
  23.         //authorities.add(new SimpleGrantedAuthority("ROLE_SYSADMIN"));
  24.         //authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
  25.         //authorities.add(new SimpleGrantedAuthority("ROLE_CUSTOMER"));
  27.         // we will set the permission leater
  29.         return authorities;
  30.     }
  32.     @Override
  33.     public String getPassword() {
  34.         return password;
  35.     }
  37.     @Override
  38.     public String getUsername() {
  39.         return username;
  40.     }
  42.     @Override
  43.     public boolean isAccountNonExpired() {
  44.         return true;
  45.     }
  47.     @Override
  48.     public boolean isAccountNonLocked() {
  49.         return true;
  50.     }
  52.     @Override
  53.     public boolean isCredentialsNonExpired() {
  54.         return true;
  55.     }
  57.     @Override
  58.     public boolean isEnabled() {
  59.         return true;
  60.     }
  61. }

字符串

  • 用户存储库表
  1. public interface UserRepository extends JpaRepository<User, Long> {
  2. }

  • 用户角色表和存储库
  1. @Entity
  2. @Data
  3. @Builder
  4. @NoArgsConstructor
  5. @AllArgsConstructor
  6. @Table(name = "user_roles")
  7. public class UserRole {
  8.     @Id
  9.     @GeneratedValue(strategy = GenerationType.IDENTITY)
  10.     private Long id;
  12.     private String name;
  13. }
  15. public interface UserRoleRepository extends JpaRepository<UserRole, Long> {
  16. }

  • 创建自定义身份验证提供程序,以便从用户角色表中读取权限名称,并用于身份验证和授权
  1. @Component
  2. @RequiredArgsConstructor
  3. public class UserAuthenticationProvider implements AuthenticationProvider, UserDetailsService {
  5.     private final UserRepository userRepository;
  6.     private final UserRoleRepository userRoleRepository;
  8.     @Override
  9.     public Authentication authenticate(Authentication authentication) throws AuthenticationException {
  10.         final String username = (authentication.getPrincipal() == null) ? "NONE_PROVIDED" : authentication.getName();
  11.         if (Utils.isEmpty(username)) {
  12.             throw new BadCredentialsException("invalid login details");
  13.         }
  14.         // get user details using Spring security user details service
  15.         UserDetails user = null;
  16.         try {
  17.             user = loadUserByUsername(username);
  19.         } catch (UsernameNotFoundException exception) {
  20.             throw new BadCredentialsException("invalid login details");
  21.         }
  22.         return createSuccessfulAuthentication(authentication, user);
  23.     }
  25.     private Authentication createSuccessfulAuthentication(final Authentication authentication, final UserDetails user) {
  27.         User dbUser =  userRepository.findByUsername(user.getUsername());
  28.         UserRole userRole = userRoleRepository.findById(dbUser.getRoleId());
  30.         List<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>();
  31.         authorities.add(new SimpleGrantedAuthority(userRole.getName()));
  33.         UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(user.getUsername(), authentication.getCredentials(), authorities);
  34.         token.setDetails(authentication.getDetails());
  35.         return token;
  36.     }
  38.     @Override
  39.     public boolean supports(Class < ? > authentication) {
  40.         return authentication.equals(UsernamePasswordAuthenticationToken.class);
  41.     }
  43.     @Override
  44.     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
  46.         return userRepository.findByUsername(username)
  47.                 .orElseThrow(() -> new UsernameNotFoundException("User not found"));
  48.     }
  49. }

  • 根据您的需要更新您的安全性,但使用上述身份验证提供程序
  1. @Configuration
  2. @EnableWebSecurity
  3. @RequiredArgsConstructor
  4. public class SecurityConfig {
  5.     private final UserAuthenticationProvider userAuthenticationProvider;
  7.     @Bean
  8.     public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
  9.         http
  10.                 // ...
  11.                 .authenticationProvider(userAuthenticationProvider);
  12.         return http.build();
  13.     }
  14. }

展开查看全部
赞(0)分享  回复(0)举报  2024-01-05
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com