In JHipster v6.4.1, where can I put new roles to be authorized to access their account-settings?


Problem description

While my test user with ROLE_ROOT is allowed to see and configure the Administration tasks and can change the password or see the correct response body with a GET to api/account within the swagger-API, he is not allowed to see the components 'settings', 'password' or 'sessions' but gets "Error Page! You are not authorized to access this page." via the Angular navbar menu entries.

In fact, I added other roles (ROLE_RUNNER, ROLE_ORGANIZER, ROLE_ROOT) as part of an exercise on udemy. I changed most of the authority of ROLE_ADMIN to ROLE_ROOT. ROLE_ROOT isn't allowed to see or change Entities and ROLE_ADMIN can't do (nor see) any of the Administration tasks.

Also I added ROLE_RUNNER. Like with ROLE_USER, their members aren't allowed to see or access anything in the backend as well as the frontend, except 'home' and their 'account' menu.

But somehow, only ROLE_ADMIN and ROLE_USER, the default JHipster roles, are able to access the 'account' Spring REST-Controller mappings via the Angular navbar. Where do I have to tell Spring to also let members of the new roles see and edit their account-settings?

The code can be found here: https://github.com/Mesqualito/rfb-loyalty/commit/d3ad5bf3a6a7b0d9926bdcdf99302399faebaf63

Answer

For JHipster with Angular frontend the authorisation mechanism follows this pattern:

1.) Spring backend

a.) limit access to entities completely in 'SecurityConfiguration.java', e.g. .antMatchers("/api/customers").hasAuthority(AuthorityConstants.SELLER), based on user-groups (ROLEs) from 'AuthoritiesConstants.java'

b.) limit access only to all, some or one of the Create/Update/Delete methods in Controller-Resources with these ROLEs and Spring Secured annotations, e.g. in 'UserResource.java'

    @GetMapping("/users/authorities")
    @PreAuthorize("hasRole(\"" + AuthoritiesConstants.ROOT + "\")")
    public List<String> getAuthorities() {...}

c.) limit access to user-data based on the user's login at the backend's service layer, e.g. in 'ProductOrderServiceImpl.java'

    public Page<ProductOrder> findAll(Pageable pageable) {
        // Sellers may list every order; everyone else only sees orders
        // that belong to the currently logged-in user.
        if (SecurityUtils.isCurrentUserInRole(AuthoritiesConstants.SELLER)) {
            return productOrderRepository.findAll(pageable);
        } else {
            return productOrderRepository.findAllByCustomerUserLogin(
                SecurityUtils.getCurrentUserLogin().get(), pageable);
        }
    }

2.) Angular frontend

a.) at the Angular routing level for every component with the same ROLEs, e.g. in 'settings.route.ts' with authorities: ['ROLE_USER','ROLE_ORGANIZER','ROLE_ROOT','ROLE_RUNNER']

b.) per JHipster directive *jhiHasAnyAuthority in any html element with the ROLEs from above, e.g. in 'navbar.component.html'

    <a *jhiHasAnyAuthority="['ROLE_ADMIN', 'ROLE_ORGANIZER']"
       id="entity-menu">Entities</a>
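The following is an added example, not code from the answer or from JHipster itself. It models the two Angular-side checks from steps 2a and 2b as plain functions (`hasAnyAuthority`, `canActivate`, `isRendered`, all assumed names that mirror what JHipster's AccountService, UserRouteAccessService and the *jhiHasAnyAuthority directive do) and runs them against constructed accounts holding the custom ROLEs from the question. It shows why a ROLE_RUNNER or ROLE_ROOT user is turned away from the stock settings route, which only lists ROLE_USER, and passes once the route's `authorities` array is extended. The route definitions and accounts are constructed sample data.

```typescript
// Added example (not JHipster's own code): a self-contained model of the
// Angular-side authority checks, runnable without Angular.

// Shape of the account the frontend keeps after login (only what matters here).
interface Account {
  login: string;
  authorities: string[];
}

// A route reduced to what the guard inspects: its `data.authorities` list.
interface RouteDef {
  path: string;
  authorities: string[];
}

// Mirrors AccountService.hasAnyAuthority (assumed name): true if the account
// holds at least one requested authority. No account (an anonymous visitor,
// i.e. ROLE_ANONYMOUS) never matches.
function hasAnyAuthority(account: Account | null, authorities: string | string[]): boolean {
  if (!account || !account.authorities) {
    return false;
  }
  const held = account.authorities;
  const wanted = Array.isArray(authorities) ? authorities : [authorities];
  return wanted.some(a => held.includes(a));
}

// Mirrors UserRouteAccessService.canActivate (assumed name): a route with no
// `authorities` list is open; otherwise the account needs one of them.
function canActivate(account: Account | null, route: RouteDef): boolean {
  if (!route.authorities || route.authorities.length === 0) {
    return true;
  }
  return hasAnyAuthority(account, route.authorities);
}

// Mirrors the *jhiHasAnyAuthority directive: the element is rendered only when
// the same predicate holds. Same check, different enforcement point.
function isRendered(account: Account | null, directiveAuthorities: string[]): boolean {
  return hasAnyAuthority(account, directiveAuthorities);
}

// Constructed sample data: the settings route as generated (ROLE_USER only)
// versus the same route with the custom ROLEs from the question added.
const SETTINGS_DEFAULT: RouteDef = { path: 'settings', authorities: ['ROLE_USER'] };
const SETTINGS_EXTENDED: RouteDef = {
  path: 'settings',
  authorities: ['ROLE_USER', 'ROLE_ORGANIZER', 'ROLE_ROOT', 'ROLE_RUNNER'],
};

// Constructed accounts: a runner, a root user, and an anonymous visitor.
const runner: Account = { login: 'runner1', authorities: ['ROLE_RUNNER'] };
const root: Account = { login: 'root', authorities: ['ROLE_ROOT'] };
const anonymous: Account | null = null;

// Returns who can reach which route variant, plus one navbar-element check,
// so the comparison is available as a value rather than only printed.
function accessMatrix(): Record<string, boolean> {
  return {
    'runner/default': canActivate(runner, SETTINGS_DEFAULT),
    'runner/extended': canActivate(runner, SETTINGS_EXTENDED),
    'root/default': canActivate(root, SETTINGS_DEFAULT),
    'root/extended': canActivate(root, SETTINGS_EXTENDED),
    'anonymous/extended': canActivate(anonymous, SETTINGS_EXTENDED),
    'root/entity-menu': isRendered(root, ['ROLE_ADMIN', 'ROLE_ORGANIZER']),
  };
}

console.log(accessMatrix());
```

Note that both frontend checks are convenience only: they decide what the navbar shows and which routes resolve, while the actual protection of `/api/account` remains the backend rules from step 1, which is why the asker's swagger call succeeded even though the Angular pages were blocked.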

The browser console shows a 401 (Unauthorized), no matter if Spring or Angular rejects the user's (or "non-user" ROLE_ANONYMOUS) authorisation.
