Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
E
E
Eugenue Cesarevich2021-01-22 11:42:25
Java
Eugenue Cesarevich, 2021-01-22 11:42:25

How to create different classes for different roles in Spring Security?

For role-based authorization in the application, Spring Security is used, so I have a User entity with a Set<Role> roles. Due to the fact that different roles need very different sets of fields, I want to make it a Usergeneral abstract class and inherit from it specific classes for each role: SimpleUser, Adminetc.

Spring Security uses UserDetailsService for authorization, here is my implementation:

@Service("securityUserService")
public class SecurityUserService implements UserDetailsService {

    private final UserRepository repository;

    public SecurityUserService(UserRepository repository) {
        this.repository = repository;
    }

    @Override
    public AuthorizedUser loadUserByUsername(String email) throws UsernameNotFoundException {
        User user = repository.getByEmail(email.toLowerCase());
        if (user == null) {
            throw new UsernameNotFoundException("User " + email + " is not found");
        }
        return new AuthorizedUser(user);
    }
}

If I have several different entities for users, then I need to make several different tables. To these tables it will be necessary to make different repositories. This is where the problems arise. If, for example, an admin logs in, then how does the service know in which repository to look for this user, if he only knows his name?

How can I make sure that each role has its own user class?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
M
Maxim Fedorov, 2021-01-22
@Maksclub

The authentication and authorization system does not require any additional entities and classes serving them

different roles need very different sets of fields

It’s not necessary, these are other entities (abstractions), but to check the role and authorization credentials, the User class is enough for you.
Then work with your admins (Admin), customers (Customer) and so on, who will only have a userId and only ... That is the service for working with the buyer will work with him, and the execution of the code will get there when you call the controller method that works with this logic, and before that asks the user for rights :)
User is about rights and roles, so abstractly so and it's called :)

Report
O
Orkhan, 2021-01-23
Hasanly @azerphoenix

I would not create classes for each of the roles, but would implement it as follows:
1) Create a User class. Flag @MappedSuperclass. Put common fields there: username, password, etc.
2) Next, create the necessary classes and extend the User class. For example, Customer, Author, etc. And specify all fields specific to each of the classes in them.
3) Next, for example, you can create a Builder pattern, which, when creating an entity by default, will assign roles corresponding to the class.
PS Don't forget to also implement the UserDetails interface required by Spring Security.

Similar questions
O
ork8212020-05-03 14:29:09
Where can I get ideas for real and interesting Java projects? 1Reply
A
AnDevos2015-10-31 15:02:56
Where is it more efficient to learn java se? 6Reply
J
jd20502018-03-08 21:07:16
Is it worth reading "Algorithms in Java" by Sedgwick if you have already read "Data Structures and Algorithms in Java" by Laforet? 2Reply
K
Krasavchik262020-05-04 21:43:07
Why doesn't attaching files work in my created android browser? 0Reply
P
pimmpo2020-05-04 21:49:10
Deploy a Heroku Java app? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question