使用安全性登录时,无法使用该request.isUserInRole()方法。我认为没有设置用户的角色。
request.isUserInRole()
这是我的安全配置:
@Configuration @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled=true) @Order(SecurityProperties.ACCESS_OVERRIDE_ORDER) public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private DataSource dataSource; @Autowired private UserDetailsServiceImplementation userDetailsService; @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/signup").permitAll() .antMatchers("/").permitAll() //.antMatchers("/first").hasAuthority("Service_Center") .antMatchers("/login").permitAll() .anyRequest().fullyAuthenticated() .and().formLogin() .loginPage("/login") .usernameParameter("email") .passwordParameter("password") .defaultSuccessUrl("/default") .failureUrl("/login?error").permitAll() .and().logout() .logoutRequestMatcher(new AntPathRequestMatcher("/logout")) .logoutSuccessUrl("/login?logout") .deleteCookies("JSESSIONID") .invalidateHttpSession(true).permitAll(); } @Autowired public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService); } }
这是我的User实体:
User
@Entity @Table(name="user") public class User implements Serializable{ /** * */ private static final long serialVersionUID = 1L; @Id @GeneratedValue(strategy = GenerationType.AUTO) @Column(name="user_id") private Long userID; @Column(name="email_address", nullable = false, unique = true) private String emailAddress; @Column(name="password") private String password; @Column(name = "role", nullable = false) @Enumerated(EnumType.STRING) private Role role; public User() { super(); } public User(String emailAddress, String password) { this.emailAddress = emailAddress; this.password = password; } public Long getUserID() { return userID; } public void setUserID(Long userID) { this.userID = userID; } public String getEmailAddress() { return emailAddress; } public void setEmailAddress(String emailAddress) { this.emailAddress = emailAddress; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } public Role getRole() { return role; } public void setRole(Role role) { this.role = role; } @Override public String toString() { return "User [userID=" + userID + ", emailAddress=" + emailAddress + ", password=" + password + ", role=" + role + "]"; } public UserDetails toCurrentUserDetails() { return CurrentUserDetails.create(this); } }
这是我的枚举Role:
Role
public enum Role { Fleet_Company, Service_Center, Admin }
这是我的UserDetailsServiceImplementation:
UserDetailsServiceImplementation
@Component public class UserDetailsServiceImplementation implements UserDetailsService { @Autowired private UserRepository userRepository; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { if ( username == null || username.isEmpty() ){ throw new UsernameNotFoundException("username is empty"); } User foundUser = userRepository.findByEmailAddress(username); if( foundUser != null ){ System.out.println("FOUND"); return foundUser.toCurrentUserDetails(); } throw new UsernameNotFoundException( username + "is not found"); } }
这是实现的类UserDetails:
UserDetails
public class CurrentUserDetails implements UserDetails { private Long userID; private String emailAddress; private String password; private Role role; public CurrentUserDetails(Long userID, String emailAddress, String password, Role role) { super(); this.userID = userID; this.emailAddress = emailAddress; this.password = password; this.role = role; } /* public static UserDetails create(Users entity) { List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(); for(Authorities auth: entity.getAuthorities()){ authorities.add(new SimpleGrantedAuthority(auth.getId().getAuthority())); } return new MyUserDetail(entity.getUserId(), entity.getLoginId(), entity.getPassword(), entity.getDisplayName(), authorities); }*/ public Long getUserID(){ return this.userID; } public Role getRole(){ return this.role; } @Override public String getPassword() { return this.password; } public String getEmailAddress() { return this.emailAddress; } @Override public boolean isAccountNonExpired() { return true; } @Override public boolean isAccountNonLocked() { return true; } @Override public boolean isCredentialsNonExpired() { return true; } @Override public boolean isEnabled() { return true; } public static UserDetails create(User entity) { System.out.println(entity.getUserID()+ entity.getEmailAddress()+ entity.getPassword()+ entity.getRole()); return new CurrentUserDetails(entity.getUserID(), entity.getEmailAddress(), entity.getPassword(), entity.getRole()); } @Override public Collection<? extends GrantedAuthority> getAuthorities() { // TODO Auto-generated method stub return null; } @Override public String getUsername() { // TODO Auto-generated method stub return null; } }
因此,基本上,我们可以看到我的MySQL数据库上只有一个表,它有四列,其中一列是“角色”。
但是就像我说的那样,当我使用时request.isUserInRole("Service_Center"),它返回FALSE。而且.antMatchers("/first").hasAuthority("Service_Center")也不起作用。
request.isUserInRole("Service_Center")
.antMatchers("/first").hasAuthority("Service_Center")
创建UserDetails时,您应该自己填写角色的内容:
public class SecurityUser implements UserDetails{ String ROLE_PREFIX = "ROLE_"; String userName; String password; String role; public SecurityUser(String username, String password, String role){ this.userName = username; this.password = password; this.role = role; } @Override public Collection<? extends GrantedAuthority> getAuthorities() { List<GrantedAuthority> list = new ArrayList<GrantedAuthority>(); list.add(new SimpleGrantedAuthority(ROLE_PREFIX + role)); return list; }
基本上,您需要做的是重写方法:getAuthorities,然后将角色字段的内容填充到GrantedAuthority列表中。
getAuthorities
GrantedAuthority
