When I log in using security, I cannot use the request.isUserInRole()
method. I think the roles of the users were not set.
This is my Security Configurati
You should fill in the role yourself when creating your UserDetails:
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

public class SecurityUser implements UserDetails {
    private static final String ROLE_PREFIX = "ROLE_";
    private final String userName;
    private final String password;
    private final String role; // stored without the prefix, e.g. "ADMIN"

    public SecurityUser(String username, String password, String role) {
        this.userName = username;
        this.password = password;
        this.role = role;
    }

    // This is what isUserInRole()/hasRole() look at: the authority must carry the ROLE_ prefix.
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        List<GrantedAuthority> list = new ArrayList<GrantedAuthority>();
        list.add(new SimpleGrantedAuthority(ROLE_PREFIX + role));
        return list;
    }

    // The remaining UserDetails methods, needed for the class to compile.
    @Override public String getPassword() { return password; }
    @Override public String getUsername() { return userName; }
    @Override public boolean isAccountNonExpired() { return true; }
    @Override public boolean isAccountNonLocked() { return true; }
    @Override public boolean isCredentialsNonExpired() { return true; }
    @Override public boolean isEnabled() { return true; }
}
Basically, what you need to do is override the getAuthorities method and fill the content of your role field into the GrantedAuthority list.
What Divelnto, zapl and thorinkor said is right. But the question should be about "Role" and NOT "Roles". OR, if you are keeping users and roles in one table, it's a bad design. You might want to take another look at your design approach. You should have a separate role entity. And in your UserService you can do something like:
import java.util.HashSet;
import java.util.Set;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

// Inside your class implementing UserDetailsService, with userRepository injected.
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    AppUser user = userRepository.findByUsername(username);
    if (user == null) {
        // The UserDetailsService contract: signal a missing user instead of returning null.
        throw new UsernameNotFoundException("No user named " + username);
    }
    Set<GrantedAuthority> grantedAuthorities = new HashSet<>(); // use list if you wish
    for (AppRole role : user.getRoles()) {
        grantedAuthorities.add(new SimpleGrantedAuthority(role.getName()));
    }
    return new org.springframework.security.core.userdetails.User(
        user.getUsername(),
        user.getPassword(),
        grantedAuthorities
    );
}
In the DB you can store the role name as (e.g.) ADMIN/EDITOR/VIEWER, or store roles as ROLE_ADMIN/ROLE_...; then you might want to use hasRole/hasAuthority. Hope it helps.
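The two answers above come together in the following class, an added example that is not part of either answer or of Spring Security itself. It builds authorities from role names the way they might be stored in the database (with or without the ROLE_ prefix, as the second answer discusses), puts an authenticated token into the SecurityContext, and then wraps a request in the same SecurityContextHolderAwareRequestWrapper that Spring Security's filter chain installs, so that request.isUserInRole() can be observed directly. It assumes Spring Security 6 (jakarta.servlet) and spring-test on the classpath for MockHttpServletRequest; on Spring Security 5 the servlet imports are javax.servlet instead. The names RoleCheckDemo, toAuthority, authenticate and secured are made up for the demo, and the role sets are constructed sample data.

```java
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper;

/**
 * Added example (not from the original answers). Shows how the ROLE_ prefix on a
 * GrantedAuthority decides what request.isUserInRole() returns.
 */
public class RoleCheckDemo {

    private static final String ROLE_PREFIX = "ROLE_";

    /** Normalise a stored role name ("ADMIN" or "ROLE_ADMIN") to a ROLE_-prefixed authority. */
    static GrantedAuthority toAuthority(String storedRoleName) {
        String name = storedRoleName.startsWith(ROLE_PREFIX)
                ? storedRoleName
                : ROLE_PREFIX + storedRoleName;
        return new SimpleGrantedAuthority(name);
    }

    /** Build the authenticated token a UserDetailsService-backed login ends up with. */
    static Authentication authenticate(String username, Set<String> storedRoleNames) {
        List<GrantedAuthority> authorities = storedRoleNames.stream()
                .map(RoleCheckDemo::toAuthority)
                .collect(Collectors.toList());
        // The three-argument constructor marks the token as authenticated, which is the
        // state the filter chain leaves it in after a successful login.
        return new UsernamePasswordAuthenticationToken(username, null, authorities);
    }

    /** Wrap the request as SecurityContextHolderAwareRequestFilter does in a real application. */
    static HttpServletRequest secured(HttpServletRequest raw, Authentication auth) {
        SecurityContextHolder.getContext().setAuthentication(auth);
        return new SecurityContextHolderAwareRequestWrapper(raw, ROLE_PREFIX);
    }

    public static void main(String[] args) {
        // Constructed sample data: one user whose two roles are stored in mixed styles.
        Authentication alice = authenticate("alice", Set.of("ADMIN", "ROLE_EDITOR"));
        HttpServletRequest req = secured(new MockHttpServletRequest(), alice);

        // The wrapper adds the ROLE_ prefix itself when the caller leaves it out,
        // so isUserInRole("ADMIN") and isUserInRole("ROLE_ADMIN") are the same check.
        System.out.println("alice ADMIN      -> " + req.isUserInRole("ADMIN"));
        System.out.println("alice ROLE_ADMIN -> " + req.isUserInRole("ROLE_ADMIN"));
        System.out.println("alice EDITOR     -> " + req.isUserInRole("EDITOR"));
        System.out.println("alice VIEWER     -> " + req.isUserInRole("VIEWER"));

        // The mistake behind the question: an authority stored without the prefix
        // is compared against "ROLE_ADMIN" and therefore never matches.
        Authentication bob = new UsernamePasswordAuthenticationToken("bob", null,
                List.of(new SimpleGrantedAuthority("ADMIN")));
        HttpServletRequest req2 = secured(new MockHttpServletRequest(), bob);
        System.out.println("bob ADMIN        -> " + req2.isUserInRole("ADMIN"));

        SecurityContextHolder.clearContext();
    }
}
```

Running it shows the first three checks for alice succeeding and the VIEWER check failing, while bob's check fails even though his authority is spelled "ADMIN": isUserInRole compares against "ROLE_ADMIN" after prepending the prefix, and "ADMIN" alone never equals that. The same rule applies to the expression language: hasRole("ADMIN") supplies the prefix for you, whereas hasAuthority("ROLE_ADMIN") compares the exact string, so whichever naming convention you pick for the database, be consistent about it when the authorities are built.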
For adding roles you need to have a table containing the username and its corresponding role.
Suppose a user has two roles, namely ADMIN and USER.
One user can have multiple roles.
import java.util.Collection;
import java.util.LinkedList;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

// Part of a UserDetails implementation that wraps the application's user entity;
// getUser() and the enabled flag belong to the enclosing class.
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
    final List<SimpleGrantedAuthority> authorities = new LinkedList<>();
    if (enabled) { // a disabled account gets no authorities at all
        if (this.getUser().isAdmin()) {
            authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
        }
        // every enabled user is at least ROLE_USER, so an admin holds both roles
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
    }
    return authorities;
}
This can be called as:
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;

// userAccount is the UserDetails resolved for the token; that lookup is not shown here.
private UsernamePasswordAuthenticationToken getAuthentication(
        final String token, final HttpServletRequest req,
        final HttpServletResponse res) {
    // Three-argument constructor: the token is created already authenticated, with the
    // user's authorities attached; credentials are null because the password is not needed here.
    return new UsernamePasswordAuthenticationToken(userAccount, null,
            userAccount.getAuthorities());
}