spring security + thymeleaf 判断登录用户的权限

- 日理万妓 2024-02-17 19:33 42阅读 0赞

spring security的UserDetailService是我自己定义的。

@Component
    public class MyUserDetailsService implements UserDetailsService {
       
        
        @Autowired
        private UserRepository userRepository;
    
        @Override
        public UserDetails loadUserByUsername(String username) {
            // Get user and his authority from userRepository         user = userRepository.getUserByUsername(username); 	Set<GrantedAuthority> authorities = new HashSet<>();
            user.getPermissions().forEach(r -> authorities.add(new SimpleGrantedAuthority(r.getValue())));        MyUser myUser = new MyUser (username, ....);        return myUser;    }}

MyUser.java，扒的User.java

public class MyUser implements UserDetails, CredentialsContainer {...}

index.html:

从数据库获取的用户Permission，在前端怎么都拿不到，返回的结果一直false，但是通过$\{authentication.principal\}打印的结果却能够看到。

debug发现expression方法会调用org.springframework.security.access.expression.SecurityExpressionRoot的方法hasAnyRole，这个方法会将hasRole()里的字符串加上ROLE\_与UserDetails的GrantedAuthority逐个比较，因此，最简单的方法就是把数据库中权限用ROLE\_开头