我真的不知道安全性和 spring data jpa 是如何工作的,但是当我尝试从数据库接收其他用户数据时,它就像一个无限循环,仅显示我的帐户信息超过 9k 次,然后几秒钟后它在 Web 浏览器中崩溃,并显示错误 SyntaxError: JSON.parse: untermerated stringliteral at line 1 column 39978 of the JSON data, 我的 userRepository 是我的 UserDetailsServiceImplementation 的一部分,它在 Spring Security 中用作 SQL 数据库的身份验证。一切正常,我的账户可以登录,但无法查询和查看别人的数据信息。
我不知道如何绕过它。也许这是一项安全功能,无法访问其他人的凭据。
用户存储库
@Repository
public interface UserRepository extends JpaRepository<User, Long>{
public User findByUsername(String username);
@Query("SELECT * FROM user")
public List<User> findAll();
}
Controller
@RestController
@RequestMapping("/v1/api")
public class HomeApiController {
@Autowired
private UserRepository userRepository;
@GetMapping("/users")
public List<User> getUsers() {
return userRepository.findAll();
}
}
用户
@Entity
@Table
public class User {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
@Column
private String username;
@Column
@JsonIgnore
private String password;
@Column
private boolean enabled;
@ManyToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
@JoinTable(name = "user_role", joinColumns = @JoinColumn(name = "user_id"), inverseJoinColumns = @JoinColumn(name = "role_id"))
private Set<Authority> authorities;
public User() {
}
then field based constructor + getters and setters
权限
@Entity
@Table
public class Authority {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column
private Long id;
@Column
private String role;
@ManyToMany(mappedBy = "authorities")
private Set<User> user;
public Authority() {
}
field constructor + getters and setters
我希望查询和检索数据库中用户表中的所有其他用户,该数据库也用于根据系统中的角色对用户进行授权。
json 输出显示...
{"id":1,"username":"Admin","enabled":true,"authorities":[{"role":"ROLE_USER","user":[{"id":1,"username":"Admin","enabled":true,"authorities":[{"role":"ROLE_USER","user":[{"id":1,"username":"Admin","enabled":true,"authorities":[{"role":"ROLE_USER","user":[{"id":1,"username":"Admin","enabled":true,"authorities":[{"role":"ROLE_USER","user":
并且它是无限嵌套的。 我认为当局有问题 当我清除 user_role 表时,输出效果很好
ID 1 用户名“管理员” 启用 真 当局[]
出了什么问题?
最佳答案
您必须使用@JsonIgnore注释Authority类中的User集,或者根据您在API调用中的需要注释User类中的Authorities集。
@Entity
@Table
public class User {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
@Column
private String username;
@Column
@JsonIgnore
private String password;
@Column
private boolean enabled;
@JsonIgnore
@ManyToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
@JoinTable(name = "user_role", joinColumns = @JoinColumn(name = "user_id"),
inverseJoinColumns = @JoinColumn(name = "role_id"))
private Set<Authority> authorities;
public User() {
}
或者
@Entity
@Table
public class Authority {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
@Column
private Long id;
@Column
private String role;
@JsonIgnore
@ManyToMany(mappedBy = "authorities")
private Set<User> user;
public Authority() {
}
编辑:我还建议使用 DTO 来最小化耦合并避免此类问题
关于java - spring-security + spring-data-jpa 中从 userRepository 接收数据的问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57318971/