spring security使用数据库表管理账户及其角色（二）

前面使用了一个数据库表示了用户的信息及其角色信息。这次我要将角色表分离出来单独使用一张表来管理，由于用户和角色是多对多的关系，所以还需要一张用户和角色的关系表。数据库如下：

用户表：sec_user

create table sec_user(  
 username varchar(100) primary key,  
 password varchar(255)
); 

插入数据：

insert into sec_user values('admin','admin');  
insert into sec_user values('test','test');

角色表：sec_role

create table sec_role(
 rolename varchar(100) primary key,
 prompt varchar(255)
);

插入数据：

insert into sec_role values('ROLE_USER','common user privilege');
insert into sec_role values('ROLE_ADMIN','administrator privilege');

用户角色关系表：sec_role_user

create table sec_role_user(
 username varchar(100) not null,
 rolename varchar(100) not null,
 constraint ru_id primary key(username,rolename)
);

为关系表添加外键约束：

alter table sec_role_user add constraint fk_user foreign key(username) references sec_user(username);
alter table sec_role_user add constraint fk_role foreign key(rolename) references sec_role(rolename);

为关系表插入数据：

insert into sec_role_user values('test','ROLE_USER');
insert into sec_role_user values('admin','ROLE_USER');
insert into sec_role_user values('admin','ROLE_ADMIN');

修改实体类:User.java

@Entity
@Table(name="SEC_USER")
public class User implements Serializable,UserDetails {

	/**
	 * 
	 */
	private static final long serialVersionUID = 4654282337754230886L;
	@Id
	@Column(name="USERNAME",unique=true,nullable=false,length=100)
	private String username;
	@Column(name="PASSWORD",length=255)
	private String password;
	@ManyToMany(targetEntity=Role.class,fetch=FetchType.EAGER)
	@JoinTable(name="SEC_ROLE_USER",joinColumns={@JoinColumn(name="USERNAME",referencedColumnName="USERNAME")},
	inverseJoinColumns={@JoinColumn(name="ROLENAME",referencedColumnName="ROLENAME")})
	private Collection<Role> roles;
	public String getUsername() {
		return username;
	}
	public void setUsername(String username) {
		this.username = username;
	}
	public String getPassword() {
		return password;
	}
	public void setPassword(String password) {
		this.password = password;
	}
	public Collection<Role> getRoles() {
		return roles;
	}
	public void setRoles(Collection<Role> roles) {
		this.roles = roles;
	}
	public Collection<GrantedAuthority> getAuthorities() {
		List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
		Iterator<Role> iter = this.roles.iterator();
		while(iter.hasNext()){
			Role role = iter.next();
			GrantedAuthority authority = new GrantedAuthorityImpl(role.getRolename());
			authorities.add(authority);
		}
		
		/*String[] roles = this.role.split(",");
		for(String r : roles){
			if(r != null && !"".equals(r)){
				GrantedAuthority authority = new GrantedAuthorityImpl(r);
				authorities.add(authority);
			}
		}*/
		return authorities;
	}
	public boolean isAccountNonExpired() {
		return true;
	}
	public boolean isAccountNonLocked() {
		return true;
	}
	public boolean isCredentialsNonExpired() {
		return true;
	}
	public boolean isEnabled() {
		return true;
	}
}

注意，由于该实体类实现了UserDetails接口，该接口的getAuthorities获取的角色信息应该更改了。


添加实体类：Role.java

@Entity
@Table(name="SEC_ROLE")
public class Role implements Serializable {
	
	/**
	 * 
	 */
	private static final long serialVersionUID = 8216539800374390907L;
	@Id
	@Column(name="ROLENAME",unique=true,nullable=false,length=100)
	private String rolename;
	@Column(name="PROMPT",length=255)
	private String prompt;
	@ManyToMany(targetEntity=User.class,mappedBy="roles")
	private Collection<User> users;
	public String getRolename() {
		return rolename;
	}
	public void setRolename(String rolename) {
		this.rolename = rolename;
	}
	public String getPrompt() {
		return prompt;
	}
	public void setPrompt(String prompt) {
		this.prompt = prompt;
	}
	public Collection<User> getUsers() {
		return users;
	}
	public void setUsers(Collection<User> users) {
		this.users = users;
	}
}

添加实体类时，别忘了向hibernate.cfg.xml或applicationContext.xml中注册。

现在已经修改完成了。