2. 질의 응답
  3. 봄 보안 인증 관리 문제

봄 보안 인증 관리 문제

2017-03-09 2 views
0

나는이 내 인증 관리자 내 applicacion에서 다음 엔티티 (사용자 및 역할)봄 보안 인증 관리 문제

엔티티 사용자

@Entity 
@Table(name="users") 
public class User { 

    @Id 
    @GeneratedValue 
    private Integer id; 

    private String username; 

    private String password; 

    @OneToOne(cascade=CascadeType.ALL) 
    @JoinTable(name="user_roles", 
      joinColumns = {@JoinColumn(name="user_id", referencedColumnName="id")}, 
      inverseJoinColumns = {@JoinColumn(name="role_id", referencedColumnName="id")} 
    ) 
    private Role role; 

    public Integer getId() { 
     return id; 
    } 

    public void setId(Integer id) { 
     this.id = id; 
    } 

    public String getUsername() { 
     return username; 
    } 

    public void setUsername(String username) { 
     this.username = username; 
    } 

    public String getPassword() { 
     return password; 
    } 

    public void setPassword(String password) { 
     this.password = password; 
    } 

    public Role getRole() { 
     return role; 
    } 

    public void setRole(Role role) { 
     this.role = role; 
    } 

}

엔티티 역할

@Entity 
@Table(name="roles") 
public class Role { 

    @Id 
    @GeneratedValue 
    private Integer id; 

    private String role; 

    @OneToMany(cascade=CascadeType.ALL) 
    @JoinTable(name="user_roles", 
      joinColumns = {@JoinColumn(name="role_id", referencedColumnName="id")}, 
      inverseJoinColumns = {@JoinColumn(name="user_id", referencedColumnName="id")} 
    ) 
    private Set<User> userRoles; 

    public Integer getId() { 
     return id; 
    } 

    public void setId(Integer id) { 
     this.id = id; 
    } 

    public String getRole() { 
     return role; 
    } 

    public void setRole(String role) { 
     this.role = role; 
    } 

    public Set<User> getUserRoles() { 
     return userRoles; 
    } 

    public void setUserRoles(Set<User> userRoles) { 
     this.userRoles = userRoles; 
    } 

}

입니다했다 , 나는 여기에 문제가 있다고 확신한다.

<authentication-manager> 
    <authentication-provider> 
     <jdbc-user-service data-source-ref="dataSource" 
          users-by-username-query= 
            "select username,password from users where username=?" 
          authorities-by-username-query= 
            "select user_id, role_id from user_roles where user_id =? " /> 
    </authentication-provider> 
</authentication-manager>

SQL 문장의 형성에 문제가 있는데,이 문제를 해결하는 데 도움이 될 수 있습니까?

출처

2017-03-09 jc1992

답변

1

봄 최대 절전 모드 개념을 사용하여 보안을 구현하는 더 좋은 방법을 권장합니다.

부담없이 물어보십시오.

보안 XML :

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:security="http://www.springframework.org/schema/security" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans.xsd 
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-4.2.xsd"> 

    <import resource="servlet-context.xml"/> 

    <security:global-method-security pre-post-annotations="enabled"></security:global-method-security> 

    <security:http auto-config="true" use-expressions="true"> 
     <security:intercept-url pattern="/login" access="permitAll()"/> 
     <security:intercept-url pattern="/" access="permitAll()"/> 
     <security:intercept-url pattern="/register/**" access="permitAll()"/> 
     <security:intercept-url pattern="/admin/**" access="isAuthenticated()"/> 
     <security:intercept-url pattern="/admin/saveLocation" access="permitAll()"/> 
      <security:intercept-url pattern="/admin/addFriend" access="permitAll()"/> 

     <security:form-login login-page="/login?error=0" 
        username-parameter="userName" 
        password-parameter="password" 
        authentication-success-handler-ref="customSuccessHandler" 
        authentication-failure-url="/login?error=1" /> 

     <security:access-denied-handler error-page="/accessDenied"/> 

     <security:logout delete-cookies="JSESSIONID" invalidate-session="true" success-handler-ref="logoutSuccessHandler"/> 

     <security:csrf disabled="true"/> 

     <security:headers> 
      <security:cache-control/> 
     </security:headers> 
    </security:http> 

    <security:authentication-manager> 
     <security:authentication-provider user-service-ref="userAuthenticator"> 
     </security:authentication-provider> 
    </security:authentication-manager> 

    <bean id="customSuccessHandler" class="com.mycompany.lts.security.CustomSuccessHandler"></bean> 

    <bean id="userAuthenticator" class="com.mycompany.lts.security.UserAuthenticator"></bean> 

    <bean id="logoutSuccessHandler" class="com.mycompany.lts.security.LogoutSuccessHandler"></bean> 
</beans>

UserAuthenticator.java

import java.util.Arrays; 
import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.security.core.GrantedAuthority; 
import org.springframework.security.core.authority.SimpleGrantedAuthority; 
import org.springframework.security.core.userdetails.User; 
import org.springframework.security.core.userdetails.UserDetails; 
import org.springframework.security.core.userdetails.UserDetailsService; 
import org.springframework.security.core.userdetails.UsernameNotFoundException; 
import com.mycompany.lts.entities.UserDetail; 
import com.mycompany.lts.exception.MyException; 
import com.mycompany.lts.service.UserService; 
public class UserAuthenticator implements UserDetailsService { 
@Autowired 
private UserService userService; 
@Override 
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { 
UserDetail entity = null; 
System.out.println(" LOAD BY USER NAME ---- LOADING USERS "); 
try { 
entity = userService.getUserByUserName(username); 
} catch (MyException e) { 
e.printStackTrace(); 
} 
GrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER"); 
UserDetails userDetails = (UserDetails) new User(entity.getUserName(), entity.getPassword(), 
Arrays.asList(authority)); 
return userDetails; 
} 

}

실행 쿼리

@Override 
public UserDetail getUserByUserName(String userName) throws MyException { 
    try { 
     Session session = sessionFactory.getCurrentSession(); 
     return (UserDetail) session.createCriteria(UserDetail.class).add(Restrictions.eq("userName", userName)) 
       .uniqueResult(); 

    } catch (Exception e) { 
     throw new MyException(e.getMessage()); 
    } 
}

출처

2017-03-10 07:12:33

+0

는 XML을 config (설정)을 추적 할 수없는 가망인가? XML을 사용하여 모든 구성 작업을 수행하려고하므로 나에게 도움이되는 링크를 제공 할 수 있습니까? 문안 인사! – jc1992

+0

나는 자바 지원과 XML 구성을 가지고 답변을 공유했습니다. 나는 이상적인 방법이라고 느낍니다. 다른 답변으로 참조 할 수 있도록 내 보안 xml을 공유합니다. –

관련 문제

 관련 문제