如何创建数据类实现 Spring Security 特定的 UserDetails

Posted

技术标签:

【中文标题】如何创建数据类实现 Spring Security 特定的 UserDetails【英文标题】:How to create a data class implements Spring Secuirty specific UserDetails 【发布时间】:2018-02-04 16:36:56 【问题描述】:

我正在尝试将一些 spring-webflux 示例代码迁移到 kotlin。

目前我想将我的 Spring Data Mongo 示例转换为 kotlin。有一个User,Data Mongo 原版的样子:

@Data
@ToString
@Builder
@NoArgsConstructor
@AllArgsConstructor
@Document
class User implements UserDetails 

    @Id
    private String id;
    private String username;
    private String password;

    @Builder.Default()
    private boolean active = true;

    @Builder.Default()
    private List<String> roles = new ArrayList<>();

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() 
        return AuthorityUtils.createAuthorityList(roles.toArray(new String[roles.size()]));
    

    @Override
    public boolean isAccountNonExpired() 
        return active;
    

    @Override
    public boolean isAccountNonLocked() 
        return active;
    

    @Override
    public boolean isCredentialsNonExpired() 
        return active;
    

    @Override
    public boolean isEnabled() 
        return active;
    


UserDetails接口包含一些getXXX和isXXX方法,如何在kotlin的usernamepassword属性中添加override

顺便说一句:目前我在 kotlin 版本中删除了UserDetails,check here:

@Document
data class User(
        @Id var id: String? = null,
        var username: String? = null,
        var password: String? = null,
        var active: Boolean = true,
        var roles: List<String> = ArrayList()
)

UPDATE如何添加UserDetails接口?,this question is helpful。

新问题是使用破坏时,它不起作用。

(id, username, password, active, roles) = <a user>

User 位于 https://github.com/hantsy/spring-reactive-sample/blob/master/kotlin-gradle/src/main/kotlin/com/example/demo/User.kt 。目前我注释掉了实现的版本UserDetails。如果我使用注释代码(User:UserDetails),Beans.kt 中的desstruction 代码将在 IDE 中报告错误。错误发生在usernamepassword正在破坏用户类型的声明初始化程序!必须有一个component2函数

【问题讨论】:

你的问题是解构声明对吗?你能提供一个完整的代码示例吗?我没有看到错误 @s1m0nw1 更新并添加了当前用户类链接。 【参考方案1】:
data class User(
        // inherits from UserDetails
        private val username: String,
        private val password: String,
        private val isEnabled: Boolean, //Disabled account can not log in
        private val isCredentialsNonExpired: Boolean, //credential can be expired,eg. Change the password every three months
        private val isAccountNonExpired: Boolean, //eg. Demo account(guest) can only be online  24 hours
        private val isAccountNonLocked: Boolean, //eg. Users who malicious attack system,lock their account for one year
        private val authorities: Set<GrantedAuthority>, 

        // inherits from Tree.If the user is not a tree structure, can be ignored
        val id: Long,
        val parentId: Long? = null, 
        val lft: Int? = null, // preorder tree traversal algorithm
        val rgt: Int? = null, // preorder tree traversal algorithm
        val depth: Int? = null, // or levels
        val isLeaf: Boolean? = null, 
        val teamTotal: Int? = null, // The number of all subordinates
        val childrenTotal: Int? = null, //The number of all directly under the subordinate

        //Custom attributes
        val tenantId: Long, //We are the platform + tenant model
        val role: Set<Role>, // TENANT, SUBACCOUNT, DEFAULT_GROUP, MEMBER, GUEST
        val platform: Platform, // PC, ios, android, WAP, INTERNAL
        val deviceToken: String? = null, //or machine code
        val ip: InetAddress //Inet4Address or Inet6Address
) : UserDetails, Tree(id, parentId) 
    override fun getUsername(): String = username
    override fun getPassword(): String = password
    override fun isEnabled(): Boolean = isEnabled
    override fun isCredentialsNonExpired(): Boolean = isCredentialsNonExpired
    override fun isAccountNonExpired(): Boolean = isAccountNonExpired
    override fun isAccountNonLocked(): Boolean = isAccountNonLocked
    override fun getAuthorities(): Set<out GrantedAuthority> = authorities

【讨论】:

以上是关于如何创建数据类实现 Spring Security 特定的 UserDetails的主要内容,如果未能解决你的问题,请参考以下文章

Spring Security基本配置(登录,注销,权限,记住我,注解)

如何为 Spring Security 创建类型安全的用户角色?

Spring Security权限缓存

Spring security用户认证(设置用户名密码)

在项目中使用Spring Security进行权限控制

Security安全认证 | Spring Boot如何集成Security实现安全认证