我找不到解决问题的方法。
问题: 我有2张桌子。在第一个表中保存项目。 第二个表存储允许哪个用户访问项目。
我现在想要一份所有项目的清单。但仅适用于那些 api__user_permissions_mn至少存在一个条目。
在SQL中,它看起来像这样:
从项目中选择 * 内联接api__user_permissions_mn ON (api__user_permissions_mn.user_id = 35 和 api__user_permissions_mn.projekt_id = projekte.ID);
我的第一个问题是,UserID (api__user_permissions_mn.user_id = 35) 必须从 OAuth 登录中读取,过滤器引用当前用户!
我的第二个问题似乎是我没有使项目和权限之间的联系正确。
在我的测试用例(用户 ID 35)中,我有 1 个具有 2 个权限的项目 我成为具有数据库所有权限的 1 个项目。
用户 ID 上的过滤器似乎不起作用,否则将被忽略!
"apiUserPermissions": [
{
"mappingId": {
"userID": 114,
"permissionID": 9,
"projectID": 0
}
},
{
"mappingId": {
"userID": 103,
"permissionID": 9,
"projectID": 0
}
},
{
"mappingId": {
"userID": 4,
"permissionID": 10,
"projectID": 0
}
},
{
"mappingId": {
"userID": 41,
"permissionID": 13,
"projectID": 0
}
},
项目模型:
package com.microservice.api.models;
import java.sql.Date;
import java.util.HashSet;
import java.util.Set;
import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.OneToMany;
import javax.persistence.OneToOne;
import javax.persistence.Table;
import javax.validation.constraints.NotNull;
import org.junit.Ignore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.jpa.repository.Query;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import com.microservice.api.repository.ApiUserPermissionsRepository;
import net.bytebuddy.implementation.bind.annotation.IgnoreForBinding;
@Entity
@Table(name = "projekte")
public class ProjectModel
{
private static final Logger logger = LoggerFactory.getLogger(ProjectModel.class);
@Id
@NotNull
@GeneratedValue(strategy = GenerationType.AUTO)
@Column(name = "ID", nullable = false)
private int projectID;
@NotNull
@Column(name = "name", nullable = false)
private String name;
@OneToMany(mappedBy = "mappingId.projectID" , cascade = CascadeType.ALL)
private Set<ApiUserPermissionsModel> apiUserPermissions = new HashSet<ApiUserPermissionsModel>();
public int getProjectID()
{
return projectID;
}
/**
* <b>set the project ID</b>
*
* @param id
*/
public void setProjectID(int id)
{
this.projectID = id;
}
/**
* <b>get the name of the project</b>
*
* @return project name
*/
public String getName()
{
return name;
}
/**
* <b>set the project name</b>
*
* @param name
*/
public void setName(String name)
{
this.name = name;
}
public Set<ApiUserPermissionsModel> getApiUserPermissions() {
return apiUserPermissions;
}
public void setApiUserPermissions(Set<ApiUserPermissionsModel> apiUserPermissions) {
this.apiUserPermissions = apiUserPermissions;
}
}
API 用户权限模型
package com.microservice.api.models;
import java.io.Serializable;
import java.util.Set;
import javax.persistence.Column;
import javax.persistence.Embeddable;
import javax.persistence.EmbeddedId;
import javax.persistence.Entity;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.Table;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.data.repository.query.Param;
@Entity
@Table(name = "api__user_permissions_mn")
public class ApiUserPermissionsModel
{
private static final Logger logger = LoggerFactory.getLogger(ApiUserPermissionsModel.class);
@EmbeddedId
private PermissionMappingId mappingId;
public PermissionMappingId getMappingId() {
return mappingId;
}
public void setMappingId(PermissionMappingId mappingId)
{
this.mappingId = mappingId;
}
@Embeddable
public static class PermissionMappingId implements Serializable
{
//@Id
@Column(name = "user_id", nullable = false)
private long userID ;
//@Id
@Column(name = "permission_id", nullable = false)
private long permissionID ;
//@Id
@Column(name = "projekt_id", nullable = false)
private long projectID;
public long getUserID() {
return userID;
}
public void setUserID(long userID) {
this.userID = userID;
}
public long getPermissionID() {
return permissionID;
}
public void setPermissionID(long permissionID) {
this.permissionID = permissionID;
}
@ManyToOne
@JoinColumn(name = "projectID")
public long getProjectID() {
return projectID;
}
public void setProjectID(long projectID) {
this.projectID = projectID;
}
}
}
**user.getId()**
这工作正常,但查询不起作用! 我已经调试过了,正确的ID正在传入(35)!!
项目控制器:
package com.microservice.api.controller;
import java.util.Set;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;
import com.microservice.api.models.ApiUserModel;
import com.microservice.api.models.ProjectModel;
import com.microservice.api.repository.ProjectRepository;
import io.swagger.annotations.ApiOperation;
@RestController
@RequestMapping("/projects")
public class ProjectController
{
@Autowired
private ProjectRepository projectDAO;
@RequestMapping(value = "/", method = RequestMethod.GET)
@ApiOperation(value = "finds all projects for the current user",
notes = "Only those projects are returned for which the current user is "
+ "also activated. Returns an empty list for users without project "
+ "assignment.",
response = ProjectModel.class,
responseContainer = "List")
public Set<ProjectModel> getPojectsForCurrentUser(@AuthenticationPrincipal ApiUserModel user)
{
Set<ProjectModel> projectM = projectDAO.findByApiUserPermissions_mappingid_UserID(user.getId());
return projectM;
}
}
最后,项目存储库
package com.microservice.api.repository;
import java.util.Set;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.query.Param;
import org.springframework.transaction.annotation.Transactional;
import com.microservice.api.models.ProjectModel;
@Transactional
public interface ProjectRepository extends JpaRepository<ProjectModel, Long>
{
@Query("SELECT p FROM ProjectModel p JOIN p.apiUserPermissions aup WHERE aup.mappingId.userID = :uid")
Set<ProjectModel> findByApiUserPermissions_mappingid_UserID(@Param("uid") long uid);
}
我真的尝试了很多事情。 我也读了很多关于Hibernate,JPA和Spring Boot的文章,但我没有找到解决问题的方法。 你能告诉我我做错了什么吗?
提前致谢
您应该首先在自定义 UserDetailsService 类中实现 UserDetailsService,并重写
public UserDetails loadUserByUsername(String username)
方法应返回保存 User 对象的自定义 User 类。
之后,您应该在配置实现类中注册此UserDetailsService实现,该类将AuthorizationServerConfigurerAdapter实现为
。@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints.authenticationManager(authenticationManager).userDetailsService(userDetailsService);
}
你
为了获取当前用户 ID, 您可以从以下位置获取它:
Authentication authentication =SecurityContextHolder.getContext().getAuthentication());
User currentUser=(User) authentication.getPrincipal()
long id=currentUser.getId();
另外,您应该注意,我在这里使用的用户类必须实现UserDetails接口,并且您应该将其放在您的主体上
我不明白第二个问题,但对于第一个问题,您可以通过添加启用预授权 @EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true) 注释到您的配置和存储库中的方法:
在这里,我假设您的主体具有用于获取当前用户 id 的 id 属性:
@PreAuthorize("#uid == authentication.principal.id")
Set<ProjectModel> findByApiUserPermissions_mappingid_UserID(@Param("uid") long uid);