Vaadin4Spring 的 ManagedSecurity:如何更新用户列表?
Vaadin4Spring's ManagedSecurity: How to update user list?
我正在使用 Vaadin 7.5.6、Vaadins Spring 1.0.0, the Vaadin4Spring Managed Security Extension 0.0.7-SNAPSHOT 和 Tomcat8。
目前,我得到了一个实现了AuthenticationManagerConfigurer接口的配置class:
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.vaadin.spring.security.annotation.EnableVaadinManagedSecurity;
import org.vaadin.spring.security.config.AuthenticationManagerConfigurer;
import com.vaadin.server.CustomizedSystemMessages;
import com.vaadin.server.SystemMessages;
import com.vaadin.server.SystemMessagesInfo;
import com.vaadin.server.SystemMessagesProvider;
import de.blume2000.kiss.hibernate.dto.User;
import de.blume2000.kiss.hibernate.services.UserService;
import de.blume2000.kiss.utils.EncryptionUtil;
@Configuration
@EnableVaadinManagedSecurity
public class SecurityConfiguration implements AuthenticationManagerConfigurer
{
@Autowired
UserService userService;
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception
{
List<User> users = userService.findAll();
if (users == null)
return;
for (User user : users)
{
String encryptedPassword = EncryptionUtil.decryptPassword(user.getPassword(), user.getSalt());
auth.inMemoryAuthentication().withUser(user.getUsername()).password(encryptedPassword).roles(user.getRole());
}
}
/**
* Provide custom system messages to make sure the application is reloaded when the session expires.
*/
@SuppressWarnings("serial")
@Bean
SystemMessagesProvider systemMessagesProvider()
{
return new SystemMessagesProvider()
{
@Override
public SystemMessages getSystemMessages(SystemMessagesInfo systemMessagesInfo)
{
CustomizedSystemMessages systemMessages = new CustomizedSystemMessages();
systemMessages.setSessionExpiredNotificationEnabled(false);
return systemMessages;
}
};
}
}
现在,如果用户登录,他可以选择编辑他的用户帐户设置。这会更改数据库中的用户对象(例如登录用户名)。现在,如果他注销,我希望应用程序重新加载用户列表,以便用户可以使用他的新用户名。这怎么可能?
问候
辛奇拉
简而言之,将内存中的身份验证替换为 DAO 身份验证。
请注意,在下面的示例中,UserDetailsService userService 是 Spring 核心接口,而 UserRepository userRepository 是您的用户的 DAO(在您的示例中又称为 UserService userService) .
1.配置
@Configuration
public class Authorization extends GlobalAuthenticationConfigurerAdapter {
@Autowired
private UserDetailsService userService;
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userService).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
}
2。提供用户详细信息的服务
@Service
public class UserService implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
@Transactional(readOnly = true)
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userRepository.findByUsername(username);
if (user == null) {
throw new UsernameNotFoundException(username);
}
return user;
}
}
我正在使用 Vaadin 7.5.6、Vaadins Spring 1.0.0, the Vaadin4Spring Managed Security Extension 0.0.7-SNAPSHOT 和 Tomcat8。
目前,我得到了一个实现了AuthenticationManagerConfigurer接口的配置class:
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.vaadin.spring.security.annotation.EnableVaadinManagedSecurity;
import org.vaadin.spring.security.config.AuthenticationManagerConfigurer;
import com.vaadin.server.CustomizedSystemMessages;
import com.vaadin.server.SystemMessages;
import com.vaadin.server.SystemMessagesInfo;
import com.vaadin.server.SystemMessagesProvider;
import de.blume2000.kiss.hibernate.dto.User;
import de.blume2000.kiss.hibernate.services.UserService;
import de.blume2000.kiss.utils.EncryptionUtil;
@Configuration
@EnableVaadinManagedSecurity
public class SecurityConfiguration implements AuthenticationManagerConfigurer
{
@Autowired
UserService userService;
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception
{
List<User> users = userService.findAll();
if (users == null)
return;
for (User user : users)
{
String encryptedPassword = EncryptionUtil.decryptPassword(user.getPassword(), user.getSalt());
auth.inMemoryAuthentication().withUser(user.getUsername()).password(encryptedPassword).roles(user.getRole());
}
}
/**
* Provide custom system messages to make sure the application is reloaded when the session expires.
*/
@SuppressWarnings("serial")
@Bean
SystemMessagesProvider systemMessagesProvider()
{
return new SystemMessagesProvider()
{
@Override
public SystemMessages getSystemMessages(SystemMessagesInfo systemMessagesInfo)
{
CustomizedSystemMessages systemMessages = new CustomizedSystemMessages();
systemMessages.setSessionExpiredNotificationEnabled(false);
return systemMessages;
}
};
}
}
现在,如果用户登录,他可以选择编辑他的用户帐户设置。这会更改数据库中的用户对象(例如登录用户名)。现在,如果他注销,我希望应用程序重新加载用户列表,以便用户可以使用他的新用户名。这怎么可能?
问候 辛奇拉
简而言之,将内存中的身份验证替换为 DAO 身份验证。
请注意,在下面的示例中,UserDetailsService userService 是 Spring 核心接口,而 UserRepository userRepository 是您的用户的 DAO(在您的示例中又称为 UserService userService) .
1.配置
@Configuration
public class Authorization extends GlobalAuthenticationConfigurerAdapter {
@Autowired
private UserDetailsService userService;
@Override
public void init(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userService).passwordEncoder(passwordEncoder());
}
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
}
2。提供用户详细信息的服务
@Service
public class UserService implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
@Transactional(readOnly = true)
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userRepository.findByUsername(username);
if (user == null) {
throw new UsernameNotFoundException(username);
}
return user;
}
}