02.注册与登录
注册与登录
这里我们开始讨论 UserDetailsService 的具体实现,首先我们定义用到的用户模型:
@Entity
@Data
public class User {
@Id
@GeneratedValue(strategy= GenerationType.AUTO)
private long id;
@Column
private String username;
@Column
@JsonIgnore
private String password;
@Column
private long salary;
@Column
private int age;
@ManyToMany(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
@JoinTable(name = "USER_ROLES", joinColumns = {
@JoinColumn(name = "USER_ID") }, inverseJoinColumns = {
@JoinColumn(name = "ROLE_ID") })
private Set<Role> roles;
}
@Data
@Entity
public class Role {
@Id
@GeneratedValue(strategy = GenerationType.AUTO)
private long id;
@Column private String name;
@Column private String description;
}
然后我们定义 UserServiceImpl,其继承了 UserDetailsService,提供了 loadUserByUsername 方法:
@Service(value = "userService")
public class UserServiceImpl implements UserDetailsService, UserService {
@Autowired private UserDAO userDao;
@Autowired private BCryptPasswordEncoder bcryptEncoder;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userDao.findByUsername(username);
if (user == null) {
throw new UsernameNotFoundException("Invalid username or password.");
}
return new org.springframework.security.core.userdetails.User(
user.getUsername(), user.getPassword(), getAuthority(user));
}
private Set<SimpleGrantedAuthority> getAuthority(User user) {
Set<SimpleGrantedAuthority> authorities = new HashSet<>();
user.getRoles()
.forEach(
role -> {
// authorities.add(new SimpleGrantedAuthority(role.getName()));
authorities.add(new SimpleGrantedAuthority("ROLE_" + role.getName()));
});
return authorities;
// return Arrays.asList(new SimpleGrantedAuthority("ROLE_ADMIN"));
}
// ...
}
这里 loadUserByUsername 检索到的用户会被填充到 User 对象中,并被添加到 SecurityContext 上下文中。