使用Spring Security + Spring数据+ MongoDB进行身份validation
我想在MongoDB中使用Spring安全性(使用Spring数据)并从我自己的数据库中检索用户以获得spring安全性。 但是,我不能这样做,因为似乎不支持我的userservice类型。
这是我的UserService类:
public class UserService { private ApplicationContext applicationContext; private MongoOperations mongoOperations; public UserService() { applicationContext = new AnnotationConfigApplicationContext(MongoConfig.class); mongoOperations = (MongoOperations) applicationContext.getBean("mongoTemplate"); } public User find(String username) { return mongoOperations.findOne(Query.query(Criteria.where("username").is(username)), User.class); } } 我的SecurityConfig类:
@Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired UserService userService; @Autowired public void configAuthBuilder(AuthenticationManagerBuilder builder) throws Exception { builder.userDetailsService(userService); //THIS DOES NOT WORK builder.inMemoryAuthentication().withUser("username").password("password").roles("USER"); } }
我评论的这句话说:
The inferred type UserService is not a valid substitute for the bounded parameter .
我该如何修复它以便从我自己的数据库中检索用户?
服务层
您必须创建一个实现org.springframework.security.core.userdetails.UserDetailsService的单独service并将其注入AuthenticationManagerBuilder 。
@Component public class SecUserDetailsService implements UserDetailsService{ @Autowired private UserRepository userRepository; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { /*Here add user data layer fetching from the MongoDB. I have used userRepository*/ User user = userRepository.findByUsername(username); if(user == null){ throw new UsernameNotFoundException(username); }else{ UserDetails details = new SecUserDetails(user); return details; } } }
模型
UserDetails也应该实现。 这是POJO,它将通过Spring保留用户身份validation的详细信息。 您可以像我一样包含包含在其中的Entity数据对象。
public class SecUserDetails implements UserDetails { private User user; public SecUserDetails(User user) { this.user = user; } ...... ...... ...... }
安全配置
自动assembly我们之前创建的服务,并将其设置在AuthenticationManagerBuilder
@Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired SecUserDetailsService userDetailsService ; @Autowired public void configAuthBuilder(AuthenticationManagerBuilder builder) throws Exception { builder.userDetailsService(userDetailsService); } }
创建自己的身份validation提供程序,提供扩展UserDetailservice的类。 确保在spring context xml文件中启用内容扫描。
@Service public class UserModelService implements UserDetailsService { @Autowired private UserModelRepositoryImpl repository; public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { UserModel user = repository.findByUsername(username); if( user == null ) throw new UsernameNotFoundException( "Name not found!" ); List authorities = Arrays.asList(new SimpleGrantedAuthority( user.getRole())); return new User(user.getUsername(), user.getSHA1Password(), authorities ); } public void saveUserDetails(UserModel userModel) { repository.save(userModel); }
}
此类将为spring query mongo启用身份validation所需的用户名和密码。 接下来创建用户模型类。
public class UserModel { private String id; @Indexed(unique=true) private String username; private String password; public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; }
创建扩展DAO的用户实现类。
@Service public class UserModelService implements UserDetailsService { @Autowired private UserModelRepositoryImpl repository; public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { UserModel user = repository.findByUsername(username); if( user == null ) throw new UsernameNotFoundException( "Oops!" ); List authorities = Arrays.asList(new SimpleGrantedAuthority( user.getRole())); return new User(user.getUsername(), user.getSHA1Password(), authorities ); }
最后配置mongo,你就完成了。