2010-09-23 90 views
2

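I want to implement authorization using Spring Security. The user data will be stored in a CouchDB database. I have a problem with access to methods.

Spring Security - CouchDB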

    @PreAuthorize("hasAuthority('ROLE_ADMIN')")
    @Transactional
    public void deleteDriver(Driver driver) {
        dataService.deleteDrivers(driver);
    }
    ...

This @PreAuthorize annotation has no effect. I wrote:

<global-method-security secured-annotations="enabled" pre-post-annotations="enabled" jsr250-annotations="enabled"> 

in the ApplicationContext-security.xml file.

+0

Could you rephrase? I find it hard to see what is being asked. – 2010-09-23 11:16:28

+0

Is there any good tutorial for implementing Spring Security Core with CouchDB? – 2014-01-26 06:20:27

+1

@code4jhon If you still need it, I answered this question; it might help :) – gonzalon 2015-07-17 06:23:46

Answers

0

I bet you have already solved your problem, but maybe this can help someone else...

1- Configure the application

You need to add your own implementation of UserDetailsService

public class AppConfig extends WebMvcAutoConfiguration {
...
    @Bean
    public UserSecurityService userSecurityService() {
        return new UserSecurityService();
    }
...
}

2- User entity implementation

import java.util.Collection;
import org.springframework.security.core.GrantedAuthority;

public class CustomUserDetail extends org.springframework.security.core.userdetails.User {

    public CustomUserDetail(String username, String password, Collection<? extends GrantedAuthority> authorities) {
        super(username, password, authorities);
    }
}

3- UserRepository

@Component
public class UserRepository extends CouchDbRepositorySupport<User> {
    ...
    @View(name = "findUserByUsername", map = "function(doc) { if (doc.docType == 'User') emit(doc.username, doc._id) }")
    public User findUserByUsername(String username) {
        return queryViewReturnSingleEntity("findUserByUsername", username);
    }
    ...
}

4- The UserDetailsService, UserSecurityService

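import java.util.ArrayList;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

public class UserSecurityService implements UserDetailsService {

    @Autowired
    private UserRepository userRepo;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
        // CouchDB object (the application's own User document, not Spring's User);
        // the call uses the repository method shown in step 3
        User user = userRepo.findUserByUsername(username);

        // Check for a missing user before reading the role, so an unknown
        // username raises UsernameNotFoundException instead of a NullPointerException
        if (user == null) {
            throw new UsernameNotFoundException("User not found");
        }

        List<GrantedAuthority> grantedAuths = new ArrayList<GrantedAuthority>();
        String rol = user.getRol();
        grantedAuths.add(new SimpleGrantedAuthority(rol));

        // Spring user implementation
        return new CustomUserDetail(user.getUsername(), user.getPassword(), grantedAuths);
    }
}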

5- Finally, you have to extend GlobalMethodSecurityConfiguration

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {

    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
        return expressionHandler;
    }
}

With all this, you can now add:

@PreAuthorize("hasRole('ROLE_SUPER_USER')") 

to validate access based on the user's role.
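
To confirm that `@PreAuthorize` is really enforced (the symptom in the question was an annotation with no effect), the following added example, which is not part of the original answer, boots a minimal context and calls a guarded method under two different authorities. `PreAuthorizeCheck`, `DriverService` and the token values are hypothetical; it assumes Java configuration with `@EnableGlobalMethodSecurity` as in the answer, with spring-context, spring-aop, spring-security-core and spring-security-config on the classpath.

```java
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.core.context.SecurityContextHolder;

public class PreAuthorizeCheck {
    // Hypothetical stand-in for the question's service; it does not touch CouchDB.
    public static class DriverService {
        @PreAuthorize("hasAuthority('ROLE_ADMIN')")
        public String deleteDriver(String driverId) {
            return "deleted " + driverId;
        }
    }
    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public static class Config {
        @Bean
        public DriverService driverService() {
            return new DriverService();
        }
    }

    // True if the call went through, false if method security rejected it.
    static boolean allowed(DriverService service, String... authorities) {
        SecurityContextHolder.getContext().setAuthentication(
                new TestingAuthenticationToken("constructed-user", "n/a", authorities));
        try {
            service.deleteDriver("constructed-id");
            return true;
        } catch (AccessDeniedException e) {
            return false;
        } finally {
            SecurityContextHolder.clearContext();
        }
    }

    public static void main(String[] args) {
        try (AnnotationConfigApplicationContext ctx = new AnnotationConfigApplicationContext(Config.class)) {
            // Take the bean from the context: only the Spring proxy enforces @PreAuthorize.
            DriverService service = ctx.getBean(DriverService.class);
            System.out.println("ROLE_USER allowed:  " + allowed(service, "ROLE_USER"));
            System.out.println("ROLE_ADMIN allowed: " + allowed(service, "ROLE_ADMIN"));
        }
    }
}
```

If both lines report `true`, the annotation is not being applied to the bean, which is the situation described in the question.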