Java 在Spring Boot JPA应用程序中使用角色
我目前正在使用Spring Boot用Java开发web应用程序。 我在应用程序中使用的内容:Java 在Spring Boot JPA应用程序中使用角色,java,mysql,spring-boot,spring-security,user-roles,Java,Mysql,Spring Boot,Spring Security,User Roles,我目前正在使用Spring Boot用Java开发web应用程序。 我在应用程序中使用的内容: MySQL作为数据源 用于ORM的HibernateJPA 模板用胸腺素 目前,我的数据库有一个用于用户和角色的表。登录、注册和会话工作正常 我已经在网站上创建了一个管理员专用页面 我在为用户创建和使用角色方面遇到问题 我希望数据库中的每个用户都有一个角色,并且能够使用它 在网站上。注册时的默认角色是“用户”,而我 可以手动将用户角色更改为“管理员” MySQL管理员 这是当前我的用户实体类: @
- MySQL作为数据源
- 用于ORM的HibernateJPA
- 模板用胸腺素
@Entity
@Table(name = "user")
public class User extends Auditable {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name = "id")
private int id;
@Column(name = "email", nullable = false, unique = true)
@Email(message = "Please provide a valid e-mail")
@NotEmpty(message = "Please provide an e-mail")
private String email;
@Column(name = "password")
@Transient
private String password;
@Column(name = "first_name")
@NotEmpty(message = "Please provide your first name")
private String firstName;
@Column(name = "last_name")
@NotEmpty(message = "Please provide your last name")
private String lastName;
@Column(name = "enabled")
private boolean enabled;
@Column(name = "confirmation_token")
private String confirmationToken;
@OneToOne(mappedBy="user", cascade={CascadeType.ALL})
private Role role;
public User() {
}
public User(String firstName, String lastName, String email, String password, Role role) {
this.firstName = firstName;
this.lastName = lastName;
this.email = email;
this.password = password;
this.role = role;
}
/** Getters and setters */
}
@Entity(name="role")
public class Role {
@Id
private Long id;
@OneToOne
private User user;
private Integer role;
/** Getters and setters */
}
@Override
public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
User user = userRepository.findByEmail(email);
if (user == null){
throw new UsernameNotFoundException("Invalid username or password.");
}
return new org.springframework.security.core.userdetails.User(user.getEmail(),
user.getPassword(), getAuthorities(user.getRole().getRole()));
}
1个角色\u用户
2管理员 问题是,当我将用户保存到数据库时,我需要做什么才能为我保存的用户设置角色?当前,我的表中没有任何用户行具有角色列。 以及如何使其工作以便在我的securityconfig中有规则时
.hasRole("ADMIN")
它不允许没有该角色的用户访问?当前,当我尝试使用该规则访问页面时,它总是返回我配置的“禁止访问”页面。下面是我实现注册并将角色分配给注册用户的代码 1) User.java(@Entity) UserController.java(@Controller)
可能重复我以相同的方式实现它,但在尝试获取某个角色的所有用户时遇到了问题。如果我还需要处理分页,你知道怎么做吗?嗨!请创建一个新的单独问题并提供源代码。提前谢谢!嗨,我提出了这个问题。请帮忙回答。
@Entity
@Table(name = "users")
public class User {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private Long user_id;
private String username;
private String password;
private boolean active;
private String email;
// user roles
@ElementCollection(targetClass = Role.class, fetch = FetchType.EAGER)
@CollectionTable(name = "user_role", joinColumns = @JoinColumn(name = "user_id"))
@Enumerated(EnumType.STRING)
private Set<Role> roles;
// Constructors
private User() {}
public User(String username, String password, String email) {
this.username = username;
this.password = password;
this.email = email;
}
// if user is admin
public boolean isAdmin() {
return roles.contains(Role.ADMIN);
}
// Below you can generate getters & setters & toString method.
// Getter and setter for user roles
public Set<Role> getRoles() {
return roles;
}
public void setRoles(Set<Role> roles) {
this.roles = roles;
}
}
public enum Role {
USER,
ADMIN;
}
@Controller
public class UserController{
//login page
@GetMapping("/signin")
public String loginPage() {
return "frontend/login";
}
// registration page
@GetMapping("/signup")
public String signUpPage() {
return "frontend/registration";
}
// User Registration
@PostMapping("/signup")
public String addUser(User user, Map<String, Object> model) {
User userFromDB = userRepository.findByUsername(user.getUsername());
if(userFromDB !=null ) {
model.put("alreadyexists", "Username already exists!");
return "frontend/registration";
}
// Set user apssword (also you can implement BCrypt)
user.setPassword(user.getPassword());
// set user activa
user.setActive(true);
// assign Rolr USER to newly registered user
user.setRoles(Collections.singleton(Role.USER));
userRepository.save(user);
return "redirect:/profile";
}
}
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/","/signup").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/signin").defaultSuccessUrl("/profile")
.permitAll()
.and()
.logout().logoutRequestMatcher(new AntPathRequestMatcher("/signout")).logoutSuccessUrl("/signin?bye")
.permitAll();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication()
.dataSource(dataSource)
.usersByUsernameQuery("SELECT username, password, active FROM users WHERE username=?")
.authoritiesByUsernameQuery("SELECT u.username, ur.roles FROM users u INNER JOIN user_role ur ON u.user_id = ur.user_id WHERE u.username=?");
}
}