春のセキュリティ認証マネージャの問題

Question

私は私のapplicacion（ユーザーおよびロール）で以下のエンティティを持っている

エンティティのユーザー

@Entity 
@Table(name="users") 
public class User { 

    @Id 
    @GeneratedValue 
    private Integer id; 

    private String username; 

    private String password; 

    @OneToOne(cascade=CascadeType.ALL) 
    @JoinTable(name="user_roles", 
      joinColumns = {@JoinColumn(name="user_id", referencedColumnName="id")}, 
      inverseJoinColumns = {@JoinColumn(name="role_id", referencedColumnName="id")} 
    ) 
    private Role role; 

    public Integer getId() { 
     return id; 
    } 

    public void setId(Integer id) { 
     this.id = id; 
    } 

    public String getUsername() { 
     return username; 
    } 

    public void setUsername(String username) { 
     this.username = username; 
    } 

    public String getPassword() { 
     return password; 
    } 

    public void setPassword(String password) { 
     this.password = password; 
    } 

    public Role getRole() { 
     return role; 
    } 

    public void setRole(Role role) { 
     this.role = role; 
    } 

} 

エンティティの役割

@Entity 
@Table(name="roles") 
public class Role { 

    @Id 
    @GeneratedValue 
    private Integer id; 

    private String role; 

    @OneToMany(cascade=CascadeType.ALL) 
    @JoinTable(name="user_roles", 
      joinColumns = {@JoinColumn(name="role_id", referencedColumnName="id")}, 
      inverseJoinColumns = {@JoinColumn(name="user_id", referencedColumnName="id")} 
    ) 
    private Set<User> userRoles; 

    public Integer getId() { 
     return id; 
    } 

    public void setId(Integer id) { 
     this.id = id; 
    } 

    public String getRole() { 
     return role; 
    } 

    public void setRole(String role) { 
     this.role = role; 
    } 

    public Set<User> getUserRoles() { 
     return userRoles; 
    } 

    public void setUserRoles(Set<User> userRoles) { 
     this.userRoles = userRoles; 
    } 

} 

これは私の認証マネージャです私はここに問題があると確信しています。

​​

私はSQL文の形成に問題があります。誰もこの問題を解決するのに役立つでしょうか？

Answer 1

私は春の休止状態を使用してセキュリティを実装するより良い方法を推薦しています。

お気軽にお問い合わせください。

セキュリティのxml：

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
    xmlns:security="http://www.springframework.org/schema/security" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans.xsd 
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-4.2.xsd"> 

    <import resource="servlet-context.xml"/> 

    <security:global-method-security pre-post-annotations="enabled"></security:global-method-security> 

    <security:http auto-config="true" use-expressions="true"> 
     <security:intercept-url pattern="/login" access="permitAll()"/> 
     <security:intercept-url pattern="/" access="permitAll()"/> 
     <security:intercept-url pattern="/register/**" access="permitAll()"/> 
     <security:intercept-url pattern="/admin/**" access="isAuthenticated()"/> 
     <security:intercept-url pattern="/admin/saveLocation" access="permitAll()"/> 
      <security:intercept-url pattern="/admin/addFriend" access="permitAll()"/> 

     <security:form-login login-page="/login?error=0" 
        username-parameter="userName" 
        password-parameter="password" 
        authentication-success-handler-ref="customSuccessHandler" 
        authentication-failure-url="/login?error=1" /> 

     <security:access-denied-handler error-page="/accessDenied"/> 

     <security:logout delete-cookies="JSESSIONID" invalidate-session="true" success-handler-ref="logoutSuccessHandler"/> 

     <security:csrf disabled="true"/> 

     <security:headers> 
      <security:cache-control/> 
     </security:headers> 
    </security:http> 

    <security:authentication-manager> 
     <security:authentication-provider user-service-ref="userAuthenticator"> 
     </security:authentication-provider> 
    </security:authentication-manager> 

    <bean id="customSuccessHandler" class="com.mycompany.lts.security.CustomSuccessHandler"></bean> 

    <bean id="userAuthenticator" class="com.mycompany.lts.security.UserAuthenticator"></bean> 

    <bean id="logoutSuccessHandler" class="com.mycompany.lts.security.LogoutSuccessHandler"></bean> 
</beans> 

UserAuthenticator.java

import java.util.Arrays; 
import org.springframework.beans.factory.annotation.Autowired; 
import org.springframework.security.core.GrantedAuthority; 
import org.springframework.security.core.authority.SimpleGrantedAuthority; 
import org.springframework.security.core.userdetails.User; 
import org.springframework.security.core.userdetails.UserDetails; 
import org.springframework.security.core.userdetails.UserDetailsService; 
import org.springframework.security.core.userdetails.UsernameNotFoundException; 
import com.mycompany.lts.entities.UserDetail; 
import com.mycompany.lts.exception.MyException; 
import com.mycompany.lts.service.UserService; 
public class UserAuthenticator implements UserDetailsService { 
@Autowired 
private UserService userService; 
@Override 
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { 
UserDetail entity = null; 
System.out.println(" LOAD BY USER NAME ---- LOADING USERS "); 
try { 
entity = userService.getUserByUserName(username); 
} catch (MyException e) { 
e.printStackTrace(); 
} 
GrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER"); 
UserDetails userDetails = (UserDetails) new User(entity.getUserName(), entity.getPassword(), 
Arrays.asList(authority)); 
return userDetails; 
} 

} 

実行クエリ：

@Override 
public UserDetail getUserByUserName(String userName) throws MyException { 
    try { 
     Session session = sessionFactory.getCurrentSession(); 
     return (UserDetail) session.createCriteria(UserDetail.class).add(Restrictions.eq("userName", userName)) 
       .uniqueResult(); 

    } catch (Exception e) { 
     throw new MyException(e.getMessage()); 
    } 
}