使用Spring Security + Spring数据+ MongoDB进行身份验证 [英] Authentication with Spring Security + Spring data + MongoDB

问题描述

我想将Spring安全性与MongoDB一起使用（使用Spring数据）并从我自己的数据库中检索用户以获得Spring安全性。但是，我不能这样做，因为似乎不支持我的userservice类型。

I want to use Spring security with MongoDB (using Spring data) and retrieve the users from my own database for spring security. However, I can not do that since my userservice type does not seem to be supported.

这是我的UserService类：

This is my UserService class:

public class UserService {
    private ApplicationContext applicationContext;
    private MongoOperations mongoOperations;

    public UserService() {
        applicationContext = new AnnotationConfigApplicationContext(MongoConfig.class);
        mongoOperations = (MongoOperations) applicationContext.getBean("mongoTemplate");
    }

    public User find(String username) {
        return mongoOperations.findOne(Query.query(Criteria.where("username").is(username)), User.class);
    }
}

我的SecurityConfig类：

And my SecurityConfig class:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    UserService userService;

    @Autowired
    public void configAuthBuilder(AuthenticationManagerBuilder builder) throws Exception {
        builder.userDetailsService(userService); //THIS DOES NOT WORK
        builder.inMemoryAuthentication().withUser("username").password("password").roles("USER");
    }

}

我评论的行说：

The inferred type UserService is not a valid substitute for the bounded parameter <T extends UserDetailsService>.

我如何修复它以便从我自己的数据库中检索用户？

How can I fix it so I can retrieve the users from my own database?

推荐答案

服务层

你必须创建一个单独的服务实现 org.springframework.security.core.userdetails.UserDetailsS​​ervice 并将其注入 AuthenticationManagerBuilder 。

You have to create a separate service implementing org.springframework.security.core.userdetails.UserDetailsService and inject it inside the AuthenticationManagerBuilder.

@Component
public class SecUserDetailsService implements UserDetailsService{

    @Autowired
    private UserRepository userRepository;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        /*Here add user data layer fetching from the MongoDB.
          I have used userRepository*/
        User user = userRepository.findByUsername(username);
        if(user == null){
            throw new UsernameNotFoundException(username);
        }else{
            UserDetails details = new SecUserDetails(user);
            return details;
        }
    }
}

型号

UserDetails 还应该实现。这是POJO，它将通过Spring保留用户身份验证的详细信息。你可以像我一样包含你的Entity数据对象。

UserDetails Should be also implemented. This is the POJO which will keep the user authenticated details by the Spring. You may include your Entity data object wrapped inside it, as I have done.

public class SecUserDetails implements UserDetails {

    private User user;

    public SecUserDetails(User user) {
        this.user = user;
    }
    ......
    ......
    ......
}

安全配置

自动装配我们之前创建的服务并将其设置在 AuthenticationManagerBuilder

Autowire the service that we created before and set it inside the AuthenticationManagerBuilder

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    SecUserDetailsService userDetailsService ;

    @Autowired
    public void configAuthBuilder(AuthenticationManagerBuilder builder) throws Exception {
        builder.userDetailsService(userDetailsService); 
    }
}

这篇关于使用Spring Security + Spring数据+ MongoDB进行身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！