2

我想在我的应用程序中使用组抽象。但是我不明白如何配置它,也不知道我需要哪些表。除了名字等其他内容之外,您还有一个包含用户名、密码和启用列的用户表是否正确?那么你需要这些表groupsgroups_authoritiesgroup_members?

在 user 表和 group_members 表中复制用户名不是很糟糕吗?我不明白它是如何相互关联的。我发现的一些...

https://github.com/SpringSource/spring-security/blob/master/core/src/main/java/org/springframework/security/core/userdetails/jdbc/JdbcDaoImpl.java

create table groups (
  id bigint generated by default as identity(start with 0) primary key,
  group_name varchar_ignorecase(50) not null);

create table group_authorities (
  group_id bigint not null,
  authority varchar(50) not null,
  constraint fk_group_authorities_group foreign key(group_id) references groups(id));

create table group_members (
  id bigint generated by default as identity(start with 0) primary key,
  username varchar(50) not null,
  group_id bigint not null,
  constraint fk_group_members_group foreign key(group_id) references groups(id));
4

1 回答 1

1

Q1:我不确定我是否完全理解你的问题。目前我认为答案是肯定的。

Q2:是的。

Q3:视情况而定。如果您有/将来可能有“更改用户名”功能,那就不好了。好消息是您可以自定义数据库模式。例如,在 users 表中添加一个 id 字段并将该字段用作 PK(在这种情况下确保 username 字段是唯一的)。现在您必须覆盖来自以下位置的默认 SQL 查询org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl

public static final String DEF_USERS_BY_USERNAME_QUERY =
        "select username,password,enabled " +
        "from users " +
        "where username = ?";
public static final String DEF_AUTHORITIES_BY_USERNAME_QUERY =
        "select username,authority " +
        "from authorities " +
        "where username = ?";
public static final String DEF_GROUP_AUTHORITIES_BY_USERNAME_QUERY =
        "select g.id, g.group_name, ga.authority " +
        "from groups g, group_members gm, group_authorities ga " +
        "where gm.username = ? " +
        "and g.id = ga.group_id " +
        "and g.id = gm.group_id";

您可以在安全配置中执行此操作:

  <authentication-manager>
    <authentication-provider>
      <jdbc-user-service data-source-ref="securityDataSource" 
          users-by-username-query="your customized SQL goes here"
          authorities-by-username-query="your customized SQL goes here"
          group-authorities-by-username-query="your customized SQL goes here"
      />
    </authentication-provider>
  </authentication-manager>
于 2013-05-02T09:43:02.143 回答