彈簧安全：單個用戶的多個角色

Question

我的應用程序需要我爲單個用戶定義多個角色。我已閱讀Spring security with database and multiple roles?。

爲什麼要實現我們自己的UserDetails？現有一個包含

Collection getAuthorities(); 

也沒有任何參考或我可以按照執行多個角色爲單個用戶的教程？

Answer 1

對於我所引用的帖子，接受的答案似乎並不正確。您不必爲此創建自己的UserDetailsService實現。已經支持多個角色。見JdbcDaoImpl。您必須確保authoritiesByUsernameQuery與您的數據庫設置相匹配。默認情況下，它的值是select username,authority from authorities where username = ?。該查詢由加載所有權限的loadUserAuthorities方法執行。

Answer 2

如果有人有興趣的逗號分隔當局自定義的UserDetailsS​​ervice：

@Component 
public class MyUserDetailsService implements UserDetailsService { 

    @Resource 
    private AccountService accounts; 

    @Override 
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { 

     Account account = accounts.findByUsername(username); 
     if(null == account) { 
      throw new UsernameNotFoundException("User " + username + " not found."); 
     } 

     List<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>(); 
     String[] authStrings = account.getAuthorities().split(", "); 
     for(String authString : authStrings) { 
      authorities.add(new SimpleGrantedAuthority(authString)); 
     } 

     UserDetails ud = new User(account.getUsername(), account.getPassword(), authorities); 
     return ud; 
    } 

} 

現在你可以在DB是這樣的：

+----+-----------------------+----------+----------+ 
| id | authorities   | password | username | 
+----+-----------------------+----------+----------+ 
| 1 | ROLE_ADMIN   | 123qwe | markm | 
| 2 | ROLE_ADMIN, ROLE_USER | 123qwe | kemika | 
+----+-----------------------+----------+----------+