2
我有一个关于使用春季和冬眠添加新用户的问题。我使用spring安全进行身份验证,并设法使用oracle db进行配置。接下来我想实现注册新用户。在这种情况下,通常的做法是什么?我阅读了一些材料,但其中大多数是用jsp设计和实现的,而我的客户端是用angularjs编写的。 我至今是两个端点/user和/register注册新用户春季和休眠
@Controller
public class UserController {
@Autowired
private RegisterService registerService;
@RequestMapping("/user")
@ResponseBody
public Principal user(Principal user) {
return user;
}
@RequestMapping(value = "/register", method = RequestMethod.POST)
@ResponseBody
public void registerUser() {
User user = new User();
registerService.save(user);
}
}
我相信,我还需要一些服务的控制器。在我而言,这是RegisterService和实施服务RegisterServiceImpl的:
@Service
public class RegisterServiceImpl implements RegisterService {
@Autowired
private UserDao userDao;
@Autowired
private SessionFactory sessionFactory;
@Transactional
@Override
public void save(User user) {
// what should be the implementation of this method?
Session session = sessionFactory.getCurrentSession();
session.save(user);
}
}
这里是我UserDao实体类:
@Entity
@Table(name = "users")
public class User {
@Id
@Column(name = "id")
private int id;
@Column(name = "username")
private String userName;
@Column(name = "password")
private String password;
@Column(name = "email")
private String email;
@Column(name = "is_enabled")
private boolean isEnabled;
@ManyToOne
@JoinColumn(name = "department_id")
private Department department;
@OneToMany(fetch = FetchType.LAZY, mappedBy = "user")
private Set<UserRole> userRole = new HashSet<UserRole>(0);
public User() {
}
public User(String username, String password, Boolean isEnabled, Set<UserRole> userRole) {
this.userName = username;
this.password = password;
this.isEnabled = isEnabled;
this.userRole = userRole;
}
public int getId() {
return id;
}
public void setId(int id) {
this.id = id;
}
public String getUsername() {
return userName;
}
public void setUsername(String userName) {
this.userName = userName;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
public boolean isEnabled() {
return isEnabled;
}
public void setEnabled(boolean isEnabled) {
this.isEnabled = isEnabled;
}
public Department getDepartment() {
return department;
}
public void setDepartment(Department department) {
this.department = department;
}
public Set<UserRole> getUserRole() {
return this.userRole;
}
public void setUserRole(Set<UserRole> userRole) {
this.userRole = userRole;
}
}
我的安全配置是这样的:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsService userDetailsService;
@Autowired
LogoutSuccess logoutSuccess;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.and()
.authorizeRequests()
.antMatchers("/profile", "/logout", "/home").permitAll()
.anyRequest().authenticated()
.and()
.addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class)
.csrf().disable();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/app/**");
}
private CsrfTokenRepository csrfTokenRepository() {
HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
repository.setHeaderName("X-XSRF-TOKEN");
return repository;
}
@Bean
public PasswordEncoder passwordEncoder() {
PasswordEncoder encoder = new BCryptPasswordEncoder();
return encoder;
}
}
关于用户注册我想设置User中的所有班级成员,但我不确定如何实现这一点。我不认为为每个班级成员创建@PathVariable将是合适的,因为我将发送敏感数据用户名和密码。非常感谢您的回答!
请告诉我,您并未将密码作为纯文本存储在数据库中。 – bradimus
您尚未明确提及您如何使用spring安全性对现有用户进行身份验证。你如何用angularjs设计你的页面?以及你如何在客户端和服务器之间进行通信。您提供的信息有点不足 – Acewin
它们不作为播放文本存储。我使用BCryptPasswordEncoder – skywalker