【Question title】: Duplicate grantedAuthorities are removed in Spring Security
【Posted】: 2021-01-07 00:23:28
【Question description】:

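I am writing a user management system with Spring Boot, AngularJS, JPA... All of a user's features will be assigned to grantedAuthorities and sent back to AngularJS to design the home page accordingly, but even though I am assigning the authorities to an ArrayList rather than a HashSet, the duplicate features are still removed.

At the end of the loop the size of grantedAuthorities is 12 and everything is fine, but when it is returned in the response, the duplicates are removed.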

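import java.util.ArrayList;
import java.util.Collection;
import java.util.Optional;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
// Imports for the project's own entities and repositories (User, Role, Features,
// RoleFeatures, RoleFeaturesPK, ...) are not shown in the question.

@Service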
public class UserDetailsServiceImpl implements UserDetailsService {

   @Autowired
   private UserJpaRepository userJpaRepository;

   @Autowired
   private RoleFeaturesJpaRepository roleFeaturesJpaRepository;

   @Override
   @Transactional
   public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException  {

      User user = userJpaRepository.findByUsername(username);
      if (user == null) {
         throw new UsernameNotFoundException(
                    "Oops! user not found with user-name: " + username);
      }

      return new org.springframework.security.core.userdetails.User(
         user.getUsername(), user.getPassword(),
         getAuthorities(user)
      );
   }

   private Collection<GrantedAuthority> getAuthorities(User user) {
         
      ArrayList<GrantedAuthority> grantedAuthorities = new ArrayList<>();
      Role role = user.getRoles();
      for (Features features : role.getFeatures()){
          RoleFeaturesPK roleFeaturesPK = new RoleFeaturesPK();
          roleFeaturesPK.setRoleId(role.getId());
          roleFeaturesPK.setFeatureId(features.getId());
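          Optional<RoleFeatures> roleFeatures = roleFeaturesJpaRepository.findById(roleFeaturesPK);
          // Fail with a clear message instead of a bare NoSuchElementException
          // when the role/feature mapping row is missing
          RoleFeatures features_entity = roleFeatures.orElseThrow(() -> new IllegalStateException(
                "No RoleFeatures row for role " + role.getId() + ", feature " + features.getId()));
          // Three authorities per feature: its name, its read option and its read-write option
          grantedAuthorities.add(new SimpleGrantedAuthority(features.getName()));
          grantedAuthorities.add(new SimpleGrantedAuthority(features_entity.getReadOption()));
          grantedAuthorities.add(new SimpleGrantedAuthority(features_entity.getReadWriteOption()));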
      }
      return grantedAuthorities;
   }
}

【Question discussion】:

    Tags: java spring-boot hibernate jpa spring-security


    【Solution 1】:

    Spring removes the duplicate GrantedAuthorities when the User is created from the authorities collection passed to the constructor, with this statement:

        this.authorities = Collections.unmodifiableSet(sortAuthorities(authorities));
    

    sortAuthorities will sort the authorities according to this comparator, and the result will contain no duplicates:

        private static class AuthorityComparator implements Comparator<GrantedAuthority>, Serializable {
            private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;

            public int compare(GrantedAuthority g1, GrantedAuthority g2) {
                // Neither should ever be null as each entry is checked before adding it to
                // the set.
                // If the authority is null, it is a custom authority and should precede
                // others.
                if (g2.getAuthority() == null) {
                    return -1;
                }

                if (g1.getAuthority() == null) {
                    return 1;
                }

                return g1.getAuthority().compareTo(g2.getAuthority());
            }
        }
    

    【Discussion】:

    • Golden point, but I don't know how and where to use it to solve the problem?
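
Added example, not part of the original thread or of Spring's own code: it reproduces the de-duplication described in Solution 1 and shows one way to keep per-feature permissions distinct, by scoping each authority string to its feature. The feature names, option values and the `FEATURE:read=` / `FEATURE:write=` naming scheme are assumptions made up for illustration, and the class needs spring-security-core on the classpath.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

public class ScopedAuthoritiesDemo {

    // Constructed sample data: feature name -> {read option, read-write option}.
    static final Map<String, String[]> FEATURES = new LinkedHashMap<>();
    static {
        FEATURES.put("USERS", new String[] {"READ", "READ_WRITE"});
        FEATURES.put("REPORTS", new String[] {"READ", "NONE"});
        FEATURES.put("BILLING", new String[] {"READ", "READ_WRITE"});
    }

    // scoped == false mirrors the question: bare option strings repeat across features.
    // scoped == true prefixes each option with its feature, so every string is unique.
    static List<GrantedAuthority> authorities(boolean scoped) {
        List<GrantedAuthority> out = new ArrayList<>();
        FEATURES.forEach((feature, opts) -> {
            out.add(new SimpleGrantedAuthority(feature));
            out.add(new SimpleGrantedAuthority(scoped ? feature + ":read=" + opts[0] : opts[0]));
            out.add(new SimpleGrantedAuthority(scoped ? feature + ":write=" + opts[1] : opts[1]));
        });
        return out;
    }

    static UserDetails wrap(List<GrantedAuthority> granted) {
        // The User constructor copies the collection into a sorted set that
        // compares entries by getAuthority(), so equal strings collapse here.
        return new User("demo", "{noop}not-a-real-password", granted);
    }

    public static void main(String[] args) {
        for (boolean scoped : new boolean[] {false, true}) {
            List<GrantedAuthority> in = authorities(scoped);
            UserDetails user = wrap(in);
            System.out.printf("scoped=%b list=%d user=%d %s%n",
                    scoped, in.size(), user.getAuthorities().size(), user.getAuthorities());
        }
    }
}
```

With the flat names, a surviving `READ` authority no longer says which feature it belongs to, so a check such as `hasAuthority("READ")` matches regardless of feature; the scoped names keep that binding through the set.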
    【Solution 2】:
    The method getAuthorities seems OK; it is maybe getting removed on the return line.
    
     
    private Collection<GrantedAuthority> getAuthorities(User user) 
    
      return new org.springframework.security.core.userdetails.User(
         user.getUsername(), user.getPassword(),
          getAuthorities(user)
           
      );
    

    【Discussion】:

    • How about now? ;)
    • You mean User is not a kind of Collection?