我有一个 User
实体,每个存在的用户都应该有 1 个或多个特定角色/权限。比如admin
user
等等。
所以我创建了一个包含 2 个字段的 authorities
表(username
和 authority
)
在我的 application-context-securtiy.xml
我有
<jdbc-user-service id="userService" data-source-ref="dataSource"
users-by-username-query="
select nickname, password, true from users where nickname=?"
authorities-by-username-query= "select username, authority AS authorities
from authorities where username=?"
/>
效果很好。
现在我正在尝试创建一个 jsp 文件,其中列出了我的所有用户及其角色/权限,但我无法执行 user.getAuthorites()
之类的操作并将它们打印在jsp.
我已经尝试实现 UserDetailsService
但我不知道如何连接我的用户和 UserDetailsService。
希望您能给我一些建议。
编辑: jsp 的一部分,我想如何使用它:
<tbody>
<c:forEach var="user" varStatus="stats" items="${users}">
<tr>
<td>
<c:out value="${user.nickname}" />
<c:forEach var="role" varStatus="status_" items="${user.getAuthorities()}">
<c:out value="${role}" />
</c:forEach>
</td>
<td>test</td>
<td>options</td>
</tr>
</c:forEach>
</tbody>
我如何将数据从 Controller 发送到我的 View :
@RequestMapping(value = "/manageUsers", method = RequestMethod.GET)
public String startManageUsers(ModelMap model, Principal principal) {
List<User> list = userService.getUsers();
model.addAttribute("users", list);
return "showUsers";
}
最佳答案
我认为最好的方法是实现 UserDetailsService 和 UserDetails。
UserDetailsService 的示例实现。
@Service
@Transactional
public class UserLoginService implements UserDetailsService {
@Autowired
private UserService userService;
@Override
public UserDetails loadUserByUsername(String userId) throws UsernameNotFoundException {
UserEntity userEntity = this.userService.getUserByUserId(userId);
if (userEntity == null) {
throw new UsernameNotFoundException("User not found");
}
UserLoginBean bean = new UserLoginBean(userEntity.getId(), userEntity.getUserId(), userEntity.getPassword(), userEntity.getEnabled());
bean.setFullname(userEntity.getFullname());
bean.setUserEntity(userEntity);
Set<GrantedAuthority> roles = new HashSet<GrantedAuthority>();
roles.add( new SimpleGrantedAuthority( userEntity.getRole() ) );
bean.setAuthorities(roles);
return bean;
}
}
UserDetails 的示例实现。
public class UserLoginBean implements UserDetails {
private static final long serialVersionUID = 1L;
private Long id;
private String fullname;
private String username;
private String password;
private boolean locked;
private Set<GrantedAuthority> authorities = null;
private UserEntity userEntity;
public UserLoginBean(Long id, String username, String password, boolean locked ) {
this.id = id;
this.username = username;
this.password = password;
this.locked = locked;
}
public boolean isAccountNonExpired() {
return true;
}
public boolean isAccountNonLocked() {
return locked;
}
public boolean isCredentialsNonExpired() {
return true;
}
public boolean isEnabled() {
return true;
}
public Set<GrantedAuthority> getAuthorities() {
return authorities;
}
public void setAuthorities( Set<GrantedAuthority> authorities ) {
if ( this.authorities == null ) {
this.authorities = authorities;
}
}
// setters, getters
}
最后一件事是将 Spring Security 配置为 UserLoginService 作为身份验证提供程序。
例子:
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider user-service-ref="userLoginService">
<security:password-encoder ref="userPasswordEncoder"/>
</security:authentication-provider>
</security:authentication-manager>
<bean
<bean id="userLoginService" class="com.stackoverflow.UserLoginService" />
在jsp页面中需要添加:
<%@ taglib prefix="a" uri="http://www.springframework.org/security/tags"%>
<a:authentication property="principal" var="principal" />
现在您可以访问 UserLoginBean 中的所有内容。
<c:if test="${not empty principal && principal != 'anonymousUser'}">
<c:set var="fullname"><c:out value="${principal.fullname}" /></c:set>
</c:if>
关于java - 获取特定用户的所有权限,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/15571513/