使用Spring Security + Spring数据+ MongoDB进行身份验证 [英] Authentication with Spring Security + Spring data + MongoDB
问题描述
我想将Spring安全性与MongoDB一起使用(使用Spring数据)并从我自己的数据库中检索用户以获得Spring安全性。但是,我不能这样做,因为似乎不支持我的userservice类型。
I want to use Spring security with MongoDB (using Spring data) and retrieve the users from my own database for spring security. However, I can not do that since my userservice type does not seem to be supported.
这是我的UserService类:
This is my UserService class:
public class UserService {
private ApplicationContext applicationContext;
private MongoOperations mongoOperations;
public UserService() {
applicationContext = new AnnotationConfigApplicationContext(MongoConfig.class);
mongoOperations = (MongoOperations) applicationContext.getBean("mongoTemplate");
}
public User find(String username) {
return mongoOperations.findOne(Query.query(Criteria.where("username").is(username)), User.class);
}
}
我的SecurityConfig类:
And my SecurityConfig class:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserService userService;
@Autowired
public void configAuthBuilder(AuthenticationManagerBuilder builder) throws Exception {
builder.userDetailsService(userService); //THIS DOES NOT WORK
builder.inMemoryAuthentication().withUser("username").password("password").roles("USER");
}
}
我评论的行说:
The inferred type UserService is not a valid substitute for the bounded parameter <T extends UserDetailsService>.
我如何修复它以便从我自己的数据库中检索用户?
How can I fix it so I can retrieve the users from my own database?
推荐答案
服务层
你必须创建一个单独的服务
实现 org.springframework.security.core.userdetails.UserDetailsService
并将其注入 AuthenticationManagerBuilder
。
You have to create a separate service
implementing org.springframework.security.core.userdetails.UserDetailsService
and inject it inside the AuthenticationManagerBuilder
.
@Component
public class SecUserDetailsService implements UserDetailsService{
@Autowired
private UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
/*Here add user data layer fetching from the MongoDB.
I have used userRepository*/
User user = userRepository.findByUsername(username);
if(user == null){
throw new UsernameNotFoundException(username);
}else{
UserDetails details = new SecUserDetails(user);
return details;
}
}
}
型号
UserDetails
还应该实现。这是POJO,它将通过Spring保留用户身份验证的详细信息。你可以像我一样包含你的Entity数据对象。
UserDetails
Should be also implemented. This is the POJO which will keep the user authenticated details by the Spring. You may include your Entity data object wrapped inside it, as I have done.
public class SecUserDetails implements UserDetails {
private User user;
public SecUserDetails(User user) {
this.user = user;
}
......
......
......
}
安全配置
自动装配我们之前创建的服务并将其设置在 AuthenticationManagerBuilder
Autowire the service that we created before and set it inside the AuthenticationManagerBuilder
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
SecUserDetailsService userDetailsService ;
@Autowired
public void configAuthBuilder(AuthenticationManagerBuilder builder) throws Exception {
builder.userDetailsService(userDetailsService);
}
}
这篇关于使用Spring Security + Spring数据+ MongoDB进行身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!