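Registering a new user with Spring and Hibernate

I have a question about adding a new user using Spring and Hibernate. I use Spring Security for authentication and managed to configure it with an Oracle DB. Next I want to implement registration of new users. What is the usual approach in this case? I have read some material, but most of it is designed and implemented with JSP, whereas my client is written in AngularJS. So far I have two endpoints, `/user` and `/register`: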
```java
@Controller
public class UserController {

    @Autowired
    private RegisterService registerService;

    @RequestMapping("/user")
    @ResponseBody
    public Principal user(Principal user) {
        return user;
    }

    @RequestMapping(value = "/register", method = RequestMethod.POST)
    @ResponseBody
    public void registerUser() {
        User user = new User();
        registerService.save(user);
    }
}
```
I believe I also need a service for the controller. In my case, this is `RegisterService` and its implementation, `RegisterServiceImpl`:
```java
@Service
public class RegisterServiceImpl implements RegisterService {

    @Autowired
    private UserDao userDao;

    @Autowired
    private SessionFactory sessionFactory;

    @Transactional
    @Override
    public void save(User user) {
        // what should be the implementation of this method?
        Session session = sessionFactory.getCurrentSession();
        session.save(user);
    }
}
```
Here is my `UserDao` entity class:
```java
@Entity
@Table(name = "users")
public class User {

    @Id
    @Column(name = "id")
    private int id;

    @Column(name = "username")
    private String userName;

    @Column(name = "password")
    private String password;

    @Column(name = "email")
    private String email;

    @Column(name = "is_enabled")
    private boolean isEnabled;

    @ManyToOne
    @JoinColumn(name = "department_id")
    private Department department;

    @OneToMany(fetch = FetchType.LAZY, mappedBy = "user")
    private Set<UserRole> userRole = new HashSet<UserRole>(0);

    public User() {
    }

    public User(String username, String password, Boolean isEnabled, Set<UserRole> userRole) {
        this.userName = username;
        this.password = password;
        this.isEnabled = isEnabled;
        this.userRole = userRole;
    }

    public int getId() {
        return id;
    }

    public void setId(int id) {
        this.id = id;
    }

    public String getUsername() {
        return userName;
    }

    public void setUsername(String userName) {
        this.userName = userName;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public String getEmail() {
        return email;
    }

    public void setEmail(String email) {
        this.email = email;
    }

    public boolean isEnabled() {
        return isEnabled;
    }

    public void setEnabled(boolean isEnabled) {
        this.isEnabled = isEnabled;
    }

    public Department getDepartment() {
        return department;
    }

    public void setDepartment(Department department) {
        this.department = department;
    }

    public Set<UserRole> getUserRole() {
        return this.userRole;
    }

    public void setUserRole(Set<UserRole> userRole) {
        this.userRole = userRole;
    }
}
```
My security configuration looks like this:
```java
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    UserDetailsService userDetailsService;

    @Autowired
    LogoutSuccess logoutSuccess;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .httpBasic()
            .and()
            .authorizeRequests()
            .antMatchers("/profile", "/logout", "/home").permitAll()
            .anyRequest().authenticated()
            .and()
            .addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class)
            .csrf().disable();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/app/**");
    }

    private CsrfTokenRepository csrfTokenRepository() {
        HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
        repository.setHeaderName("X-XSRF-TOKEN");
        return repository;
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }
}
```
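Regarding user registration, I want to set all the class members of `User`, but I am not sure how to achieve this. I don't think creating a `@PathVariable` for each class member would be appropriate, because I will be sending sensitive data: the username and password. Thank you very much for your answers!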
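Please tell me you are not storing passwords as plain text in the database. – bradimus

You have not clearly mentioned how you authenticate existing users with Spring Security. How do you design your pages with AngularJS? And how do you communicate between the client and the server? The information you have provided is a bit insufficient. – Acewin

They are not stored as plain text. I use BCryptPasswordEncoder – skywalker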
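
One way to receive the registration data raised in this thread, as an added example that is not part of the original question or its comments: the credentials arrive as a JSON POST body bound to a dedicated request type, and the password is hashed with the `PasswordEncoder` bean before it is saved. `RegistrationRequest` and `RegistrationController` are hypothetical names; the example assumes a Bean Validation provider and Jackson are on the classpath and that the id is assigned elsewhere.

```java
// Added example, not the poster's code. RegistrationRequest and RegistrationController are
// hypothetical; User, RegisterService and the PasswordEncoder bean come from the question.
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.bind.annotation.*;

// Dedicated request type holding only the fields a client may set. Binding the User
// entity directly would let a caller supply id, isEnabled or userRole in the JSON.
class RegistrationRequest {
    @NotNull @Size(min = 3, max = 50)
    public String username;
    @NotNull @Size(min = 8, max = 72)   // BCrypt only uses the first 72 bytes of input
    public String password;
    @NotNull @Size(max = 254)
    public String email;
}

@RestController
public class RegistrationController {

    @Autowired
    private RegisterService registerService;

    @Autowired
    private PasswordEncoder passwordEncoder; // the BCryptPasswordEncoder bean from SecurityConfig

    // Credentials travel in the POST body, not in the path or query string,
    // which end up in access logs, browser history and Referer headers.
    @RequestMapping(value = "/register", method = RequestMethod.POST)
    @ResponseStatus(HttpStatus.CREATED)
    public void registerUser(@Valid @RequestBody RegistrationRequest req) {
        User user = new User();
        user.setUsername(req.username);
        user.setEmail(req.email);
        // Persist only the BCrypt hash; the same encoder verifies it at login.
        user.setPassword(passwordEncoder.encode(req.password));
        // Assumption: new accounts stay disabled until confirmed or approved.
        user.setEnabled(false);
        // Assumption: the id is assigned elsewhere (the entity shows no @GeneratedValue).
        registerService.save(user);
    }
}
```

With the `SecurityConfig` shown in the question, `/register` falls under `.anyRequest().authenticated()`, so an unauthenticated sign-up form would need that path added to the `permitAll()` matchers.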