我正在创建一个必须使用Spring Security login的应用程序。它是标准的login/logout
,我找到了许多如何创建它的教程。什么不是标准的 - 是数据库中的表角色。我不能更改数据库,我只能使用它。我为用户和角色制作了正确的实体,但我不知道如何正确UserDetailsServiceImpl
使用loadUserByUsername
. 我什至找不到接近的东西...
实体:
@Entity
@Table(name = "user")
public class User implements model.Entity {
@Id
@GeneratedValue
@Column(name = "userId", nullable = false)
private int userId;
@Column(name = "firstName")
private String firstName;
@Column(name = "lastName")
private String lastName;
@Column(name = "login", nullable = false)
private String login;
@Column(name = "password", nullable = false)
private String password;
@ManyToMany(fetch = FetchType.LAZY, cascade = CascadeType.ALL)
@JoinColumn(name = "roleId", nullable = false)
private Set<Role> roleId;
@Transient
private String confirmPassword;
public int getUserId() {
return userId;
}
public void setUserId(int userId) {
this.userId = userId;
}
public String getFirstName() {
return firstName;
}
public void setFirstName(String firstName) {
this.firstName = firstName;
}
public String getLastName() {
return lastName;
}
public void setLastName(String lastName) {
this.lastName = lastName;
}
public String getLogin() {
return login;
}
public void setLogin(String login) {
this.login = login;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public Set<Role> getRoleId() {
return roleId;
}
public void setRoleId(Set<Role> roleId) {
this.roleId = roleId;
}
}
角色:
@Entity
@Table(name = "role")
public class Role implements model.Entity {
@Id
@GeneratedValue
@Column(name = "roleId", nullable = false)
private int roleId;
@Column(name = "user")
private boolean user;
@Column(name = "tutor")
private boolean tutor;
@Column(name = "admin")
private boolean admin;
public Role() {} // Empty constructor to have POJO class
public int getRoleId() {
return roleId;
}
public void setRoleId(int roleId) {
this.roleId = roleId;
}
public boolean isUser() {
return user;
}
public void setUser(boolean user) {
this.user = user;
}
public boolean isTutor() {
return tutor;
}
public void setTutor(boolean tutor) {
this.tutor = tutor;
}
public boolean isAdmin() {
return admin;
}
public void setAdmin(boolean admin) {
this.admin = admin;
}
@Override
public String toString() {
return "Role{" +
"roleId=" + roleId +
", user='" + user + '\'' +
", tutor=" + tutor + '\'' +
", admin=" + admin +
'}';
}
}
所以主要问题是如何创建实现 UserDetailsService 的 UserDetailServiceImpl 的实现:
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
...
Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
...
return new org.springframework.security.core.userdetails.User(user.getLogin(), user.getPassword(), grantedAuthorities);
}
也许我应该创建一个特殊的类,它返回用户的确切角色。或者也许还有其他方法?
我不要求为我编写代码,只是帮助我告诉我如何使它更好地实现这种角色。主要目标是除Admin
,Tutor
和User
。