1

在我的网络应用程序中,当我有一种类型的用户(典型用户)时,我执行以下操作:

1) 实施UserDetailsService

public class UserServiceImpl implements UserService, UserDetailsService {
private UserDao userDao;
@Override
public UserDetails loadUserByUsername(String username)
        throws UsernameNotFoundException
{
    UserEntity user = userDao.loadUserByEmail(username);

    if (user == null) {
        throw new UsernameNotFoundException(String.format(
                getMessageBundle().getString("badCredentials"), username));
    }

    Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
    authorities.add(new SimpleGrantedAuthority("ROLE_USER"));

    User userDetails = new User(user.getEmail(), user.getPassword(),
            authorities);

    return userDetails;
}}

2)为该用户编写配置,security-config.xml如下所示: 

<security:authentication-manager>
    <security:authentication-provider
        user-service-ref="userService">
        <security:password-encoder hash="md5" />
    </security:authentication-provider>
</security:authentication-manager>

<bean id="daoAuthenticationProvider"
    class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="userService" />
    <property name="hideUserNotFoundExceptions" value="false" />
</bean>

但现在我想拥有另一种类型的用户(管理员)。所以,我需要另一种loadUserByUsername方法实现(用户将在哪里得到ROLE_ADMIN)。
我可以写另一个类(AdminServiceImpl),但我的security-config.xml会是什么样子?

4

1 回答 1

0

按照建议,切换到数据库存储。假设您使用 ORM 进行数据库管理:

public class Role implements org.springframework.security.core.GrantedAuthority {
    // implements what must be implemented
}

public class User implements org.springframework.security.core.userdetails.UserDetails {

    // your stuff...

    @ManyToMany(fetch = FetchType.EAGER) // shouldn't be a problem here to fetch eagerly
    private Collection<Role> roles = new HashSet<Role>();

    // add getters and setters

    /**
     * @see org.springframework.security.core.userdetails.UserDetails#getAuthorities()
     */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return getRoles();
    }

}

public class UserDetailsServiceImpl implements
    org.springframework.security.core.userdetails.UserDetailsService {

    @Override
    public UserDetails loadUserByUsername(String username)
        throws UsernameNotFoundException {
        // Load the user from your database. The ORM will take care of loading his Role collection.
    }

}
于 2015-06-29T15:16:21.133 回答