2

我正在尝试实现 deadbolt2 组,但我很困惑我应该如何实现这一目标。我正在使用带有 MySQL 数据库的 Play 2.2.1、Deadbolt 2.2.RC4 和 Hibernate 4.3.1。

我已经能够实现一些 Deadbolt:。我可以登录、注册用户和注释方法@SubjectPresent我现在想用这个来注释我的函数:@Restrict(@Group("Administrator")).

我一直使用Deadbolt2-java-example作为指南,但是关于组的部分对我来说似乎很模糊。

在模型 AuthorisedUser 我有:

    @ManyToMany
public List<SecurityRole>   roles;

在我的数据库中,这会创建一个名为AuthorisedUser_SecurityRole“我遇到的问题”的表,我不知道应该如何查询该表。输入表名会给我一个运行时错误。AuthorisedUser_SecurityRole is not mapped. 如果我输入同样适用roles

我当时想知道的是:

  1. 如何以及在哪里创建新组?
  2. 如何检索/查询列表roles(用户所属的组列表)
  3. 如何向用户添加组?

如果您需要查看我的任何代码,请告诉我,但我不确定您需要查看什么,因为大多数代码都是来自 deadbolt 示例的标准代码。

4

1 回答 1

1

Roles

The roles held by a user should be available from your AuthorisedUser object. The AuthorisedUser class must implement be.objectify.deadbolt.core.models.Subject, and the getRoles() method returns your roles.

If you're using an ORM such as Hibernate, roles will be populated when you access it via AuthorisedUser.

Groups

The strings provided to the Group annotation need to match the name of the security role.

So, you would have a SecurityRole whose getName() method returns "Administrator". All users who are administrators have this role. When the user attempts to access your restricted method, Deadbolt checks the roles held by that user and matches the name provided in Group to the name of the role.

If you have more than one parameter in Group, e.g. @Restrict(@Group("Foo", "Bar")) the user must have both the Foo and Bar roles. The parameters of a Group define an AND relationship.

To have an OR relationship, use multiple Groups, e.g. @Restrict(@Group("Foo"), @Group("Bar")) - in this case, the user must have a Foo or Bar role.

于 2014-03-24T07:47:30.847 回答