Eugenue Cesarevich, 2021-01-22 11:42:25
Java

How to create different classes for different roles in Spring Security?

For role-based authorization in the application, Spring Security is used, so I have a User entity with a Set<Role> roles. Because different roles need very different sets of fields, I want to make User a general abstract class and inherit from it specific classes for each role: SimpleUser, Admin, etc.

Spring Security uses UserDetailsService for authorization, here is my implementation:

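import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

// User, UserRepository and AuthorizedUser are the application's own classes.
@Service("securityUserService")
public class SecurityUserService implements UserDetailsService {

    private final UserRepository repository;

    public SecurityUserService(UserRepository repository) {
        this.repository = repository;
    }

    // AuthorizedUser must implement UserDetails for this covariant return type to compile.
    @Override
    public AuthorizedUser loadUserByUsername(String email) throws UsernameNotFoundException {
        // Normalise the e-mail to lower case before the lookup.
        User user = repository.getByEmail(email.toLowerCase());
        if (user == null) {
            throw new UsernameNotFoundException("User " + email + " is not found");
        }
        return new AuthorizedUser(user);
    }
}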

If I have several different entities for users, then I need to make several different tables. Different repositories will have to be made for these tables. This is where the problems arise. If, for example, an admin logs in, then how does the service know in which repository to look for this user, if it only knows the user's name?

How can I make sure that each role has its own user class?

2 answer(s)
Maxim Fedorov, 2021-01-22
@Maksclub

The authentication and authorization system does not require any additional entities and classes serving them.

different roles need very different sets of fields

It's not necessary: these are other entities (abstractions), but to check the role and authorization credentials, the User class is enough for you.
Then work with your admins (Admin), customers (Customer) and so on, who will only have a userId and only ... That is, the service for working with the buyer will work with him, and the execution of the code will get there when you call the controller method that works with this logic, and before that asks the user for rights :)
User is about rights and roles, which is why it has such an abstract name :)

Orkhan, 2021-01-23
Hasanly @azerphoenix

I would not create classes for each of the roles, but would implement it as follows:
1) Create a User class. Mark it with @MappedSuperclass. Put common fields there: username, password, etc.
2) Next, create the necessary classes and extend the User class. For example, Customer, Author, etc. And specify all fields specific to each of the classes in them.
3) Next, for example, you can use the Builder pattern, which, when creating an entity, will by default assign roles corresponding to the class.
PS Don't forget to also implement the UserDetails interface required by Spring Security.
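
The lookup problem from the question, applied to the per-class tables this answer proposes, as an added example (not code from either poster). AccountLookup is a hypothetical interface introduced here; it assumes each role-specific repository (for example a CustomerRepository or AuthorRepository) implements it and that the entities implement UserDetails.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Optional;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

// Hypothetical abstraction: one implementation per user table. A Spring Data
// repository can extend it and narrow the return type, e.g.
//   interface CustomerRepository extends JpaRepository<Customer, Long>, AccountLookup {
//       Optional<Customer> findByEmail(String email);
//   }
interface AccountLookup {
    Optional<? extends UserDetails> findByEmail(String email);
}

@Service("securityUserService")
public class SecurityUserService implements UserDetailsService {

    private final List<AccountLookup> lookups; // Spring injects every AccountLookup bean

    public SecurityUserService(List<AccountLookup> lookups) {
        this.lookups = List.copyOf(lookups);
    }

    @Override
    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
        if (email == null) {
            throw new UsernameNotFoundException("No username supplied");
        }
        // Locale.ROOT keeps the normalisation independent of the server's default locale.
        String key = email.trim().toLowerCase(Locale.ROOT);
        List<UserDetails> matches = new ArrayList<>();
        for (AccountLookup lookup : lookups) {
            lookup.findByEmail(key).ifPresent(matches::add);
        }
        if (matches.isEmpty()) {
            throw new UsernameNotFoundException("User " + key + " is not found");
        }
        if (matches.size() > 1) {
            // The same e-mail exists in two tables: refuse to guess which account is meant.
            throw new InternalAuthenticationServiceException("Ambiguous account for " + key);
        }
        return matches.get(0);
    }
}
```

With separate tables, a single database unique constraint cannot guarantee that an e-mail belongs to only one account, which is why the service checks every table and fails closed on a duplicate instead of returning the first match.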
