如何使用Hibernate / JPA2实现Spring Security用户/权限?

[英]Howto implement Spring Security User/Authorities with Hibernate/JPA2?


I am trying to implement DAOs to work with Spring Security database authentication in Hibernate/JPA2. Spring uses following relations and associations in order to represent user & roles:

我正在尝试实现DAO以在Hibernate / JPA2中使用Spring Security数据库身份验证。 Spring使用以下关系和关联来表示用户和角色:

alt text

repesented as postgresql create query:

作为postgresql创建查询重复:

CREATE TABLE users
(
  username character varying(50) NOT NULL,
  "password" character varying(50) NOT NULL,
  enabled boolean NOT NULL,
  CONSTRAINT users_pkey PRIMARY KEY (username)
);
CREATE TABLE authorities
(
  username character varying(50) NOT NULL,
  authority character varying(50) NOT NULL,
  CONSTRAINT fk_authorities_users FOREIGN KEY (username)
      REFERENCES users (username) MATCH SIMPLE
      ON UPDATE NO ACTION ON DELETE NO ACTION
);

Using the on-board implementations of GrantedAuthorities, UserDetailsService and UserDetailsmanager, everything is fine. However, I am not satisfied with the JDBC implementation of Spring and would like to write my own ones. In order to do so, I tried to create a representation of the relations by following business objects:

使用GrantedAuthorities,UserDetailsS​​ervice和UserDetailsmanager的板载实现,一切都很好。但是,我对Spring的JDBC实现并不满意,并且想编写自己的JDBC实现。为了做到这一点,我试图通过遵循业务对象来创建关系的表示:

The user entity:

用户实体:

@Entity
@Table(name = "users", uniqueConstraints = {@UniqueConstraint(columnNames = {"username"})})
public class AppUser implements UserDetails, CredentialsContainer {

    private static final long serialVersionUID = -8275492272371421013L;

    @Id
    @Column(name = "username", nullable = false, unique = true)
    private String username;

    @Column(name = "password", nullable = false)
    @NotNull
    private String password;

    @OneToMany(
            fetch = FetchType.EAGER, cascade = CascadeType.ALL,
            mappedBy = "appUser"
    )
    private Set<AppAuthority> appAuthorities;

    @Column(name = "accountNonExpired")
    private Boolean accountNonExpired;

    @Column(name = "accountNonLocked")
    private Boolean accountNonLocked;

    @Column(name = "credentialsNonExpired")
    private Boolean credentialsNonExpired;

    @OneToOne(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
    @JoinColumn(name = "personalinformation_fk", nullable = true)
    @JsonIgnore
    private PersonalInformation personalInformation;

    @Column(name = "enabled", nullable = false)
    @NotNull
    private Boolean enabled;

    public AppUser(
            String username,
            String password,
            boolean enabled,
            boolean accountNonExpired,
            boolean credentialsNonExpired,
            boolean accountNonLocked,
            Collection<? extends AppAuthority> authorities,
            PersonalInformation personalInformation
    ) {
        if (((username == null) || "".equals(username)) || (password == null)) {
            throw new IllegalArgumentException("Cannot pass null or empty values to constructor");
        }

        this.username = username;
        this.password = password;
        this.enabled = enabled;
        this.accountNonExpired = accountNonExpired;
        this.credentialsNonExpired = credentialsNonExpired;
        this.accountNonLocked = accountNonLocked;
        this.appAuthorities = Collections.unmodifiableSet(sortAuthorities(authorities));
        this.personalInformation = personalInformation;
    }

    public AppUser() {
    }

    @JsonIgnore
    public PersonalInformation getPersonalInformation() {
        return personalInformation;
    }

    @JsonIgnore
    public void setPersonalInformation(PersonalInformation personalInformation) {
        this.personalInformation = personalInformation;
    }

    // Getters, setters 'n other stuff

And the authority entity as an implementation of GrantedAuthorities:

而权威实体作为GrantedAuthorities的实现:

@Entity
@Table(name = "authorities", uniqueConstraints = {@UniqueConstraint(columnNames = {"id"})})
public class AppAuthority implements GrantedAuthority, Serializable {
    //~ Instance fields ================================================================================================

    private static final long serialVersionUID = 1L;

    @Id
    @GeneratedValue(strategy = GenerationType.TABLE)
    @Column(name = "id", nullable = false)
    private Integer id;

    @Column(name = "username", nullable = false)
    private String username;

    @Column(name = "authority", nullable = false)
    private String authority;

    // Here comes the buggy attribute. It is supposed to repesent the
    // association username<->username, but I just don't know how to
    // implement it 
    @ManyToOne(fetch = FetchType.EAGER, cascade = CascadeType.ALL)
    @JoinColumn(name = "appuser_fk")
    private AppUser appUser;

    //~ Constructors ===================================================================================================

    public AppAuthority(String username, String authority) {
        Assert.hasText(authority,
                "A granted authority textual representation is required");
        this.username = username;
        this.authority = authority;
    }

    public AppAuthority() {
    }

    // Getters 'n setters 'n other stuff

My problem is the @ManyToOne assoc. of AppAuthorities: It is supposed to be "username", but trying and doing so throws an error, because I've got to typify that attribute as String ... while Hibernate expects the associated entity. So what I tryied is actually providing the correct entity and creating the association by @JoinColumn(name = "appuser_fk"). This is, of course, rubbish, because in order to load the User, I will have the foreign key in username, while Hibernate searches for it in appuser_fk, which will always be empty.

我的问题是@ManyToOne assoc。 AppAuthorities:它应该是“用户名”,但尝试和这样做会引发错误,因为我必须将该属性表示为String ...而Hibernate期望关联的实体。所以我试着提供正确的实体并通过@JoinColumn(name =“appuser_fk”)创建关联。这当然是垃圾,因为为了加载用户,我将在用户名中使用外键,而Hibernate在appuser_fk中搜索它,它始终为空。

So here is my question: any suggestion on how to modify the above metioned code in order to get a correct JPA2 implementation of the data model?

所以这是我的问题:关于如何修改上述代码以获得正确的数据模型JPA2实现的任何建议?

Thanks

3 个解决方案

#1


8  

You AppAuthority doesn't need username at all. Spring Security can't depend on it because it depends on the GrantedAuthority interface which doesn't have any methods to access username.

你AppAuthority根本不需要用户名。 Spring Security不能依赖它,因为它依赖于GrantedAuthority接口,该接口没有任何访问用户名的方法。

But the better practice is to decouple your domain model from Spring Security. When you have a custom UserDetailsService, you don't need to mimic neither Spring Security's default database schema nor its object model. Your UserDetailsService can load your own AppUser and AppAuthority and then create UserDetails and GrantedAuthoritys based on them. This leads to cleaner design with better separation of concerns.

但更好的做法是将您的域模型与Spring Security分离。当您拥有自定义UserDetailsS​​ervice时,您不需要模仿Spring Security的默认数据库架构及其对象模型。您的UserDetailsS​​ervice可以加载您自己的AppUser和AppAuthority,然后根据它们创建UserDetails和GrantedAuthority。这导致更清晰的设计,更好地分离关注点。

#2


0  

This looks like the classic Hibernate problem of using a domain-specific key. A possible fix would be to create a new primary key field; e.g. userId int for the Users and Authorities entities / tables, remove Authorities.userName, and change Users.userName to a unique secondary key.

这看起来像使用特定于域的密钥的经典Hibernate问题。可能的解决方法是创建一个新的主键字段;例如userId int用于Users和Authorities实体/表,删除Authorities.userName,并将Users.userName更改为唯一的二级密钥。

#3


0  

There is one more way that decouples the UserDetailsService from JPA/Hibernate.

还有一种方法可以将UserDetailsS​​ervice与JPA / Hibernate分离。

You can model your User and Authority class as you like and use this while defining userDetailsService in configuration:-

您可以根据需要为User和Authority类建模,并在配置中定义userDetailsS​​ervice时使用它: -

<sec:jdbc-user-service data-source-ref="webDS"
                id="userDetailsService"
                users-by-username-query="SELECT USER_NAME,PASSWORD,TRUE FROM CUSTOMER WHERE USER_NAME=?"
                authorities-by-username-query="SELECT c.USER_NAME,r.ROLE_NAME from CUSTOMER c 
                                          JOIN CUSTOMER_ROLE cr ON c.CUSTOMER_ID = cr.CUSTOMER_ID 
                                          JOIN ROLE r ON cr.ROLE_ID = r.ROLE_ID 
                                          WHERE USER_NAME=?" />

This way you can define fine tuned SQL query to fetch user and roles from your database. All you need to take care of is the table and column name.

这样,您可以定义精细调整的SQL查询,以从数据库中获取用户和角色。您需要注意的是表和列名称。


注意!

本站翻译的文章,版权归属于本站,未经许可禁止转摘,转摘请注明本文地址:https://www.itdaan.com/blog/2010/09/12/f53a872435c3c41115ab6e187afc0795.html



 
粤ICP备14056181号  © 2014-2021 ITdaan.com