英文:
How am I getting objects from a Set?
问题
public Set<SimpleGrantedAuthority> getGrantedAuthority() {
Set<SimpleGrantedAuthority> permissions = getPermissions().stream()
.map(permission -> new SimpleGrantedAuthority(permission.getPermission()))
.collect(Collectors.toSet());
permissions.add(new SimpleGrantedAuthority("ROLE_" + this.name()));
return permissions;
}
这个方法的目标是为给定的角色生成授权权限。让我解释一下其中的代码:
-
getPermissions()方法返回一个角色拥有的权限集合。 -
stream()方法将权限集合转化为一个流,使得可以对每个权限进行操作。 -
.map(permission -> new SimpleGrantedAuthority(permission.getPermission()))使用map操作将每个权限映射为一个SimpleGrantedAuthority对象,其中permission.getPermission()获取权限的字符串表示。 -
.collect(Collectors.toSet())通过collect操作将映射后的SimpleGrantedAuthority对象收集到一个新的Set集合中,这个集合保存了角色的权限。 -
permissions.add(new SimpleGrantedAuthority("ROLE_" + this.name()))添加一个代表角色的授权,以"ROLE_"作为前缀,加上角色的名称。 -
最后,方法返回包含角色权限的
Set<SimpleGrantedAuthority>。
总的来说,这个方法通过将角色的权限和代表角色的授权都添加到一个 Set 集合中,返回了一个用于 Spring Security 的权限集合。在整个过程中,使用了流操作和集合操作,将权限对象转换并组合成需要的形式。
英文:
I started learning spring security few days ago. Found the same code in two tutorials and I'm not sure how is it doing it's job. I realize that's it is just plain java but I don't seem to understand it.
public Set<SimpleGrantedAuthority> getGrantedAuthority(){
Set<SimpleGrantedAuthority> permissions = getPermissions().stream()
.map(permission -> new SimpleGrantedAuthority(permission.getPermission()))
.collect(Collectors.toSet());
permissions.add(new SimpleGrantedAuthority("ROLE_" + this.name()));
return permissions;
}
From my understanding of the code, with stream() I'm filling the Set with SimpleGrantedAuthority objects and that is fine, but what and how does this line work permissions.add(new SimpleGrantedAuthority("ROLE_" + this.name())); ?
Whole method should just return permissions for the given role but I am not sure how do i end up with just few right ones in the method return.
Method call:
protected UserDetailsService userDetailsService() {
UserDetails annaS = User.builder()
.username("annasmith")
.password(passwordEncoder.encode("password"))
.authorities(STUDENT.getGrantedAuthority())
.build();
}
Role enum:
public enum ApplicationUserRole {
STUDENT(Sets.newHashSet()),
ADMIN(Sets.newHashSet(COURSE_READ,COURSE_WRITE, STUDENT_WRITE, STUDENT_READ)),
ADMINTRAINEE(Sets.newHashSet(COURSE_READ,STUDENT_READ));
private final Set<ApplicationUserPermission> permissions;
ApplicationUserRole(Set<ApplicationUserPermission> permissions) {
this.permissions = permissions;
}
public Set<ApplicationUserPermission> getPermissions() {
return permissions;
}
public Set<SimpleGrantedAuthority> getGrantedAuthority(){
Set<SimpleGrantedAuthority> permissions = getPermissions().stream()
.map(permission -> new SimpleGrantedAuthority(permission.getPermission()))
.collect(Collectors.toSet());
permissions.add(new SimpleGrantedAuthority("ROLE_" + this.name()));
return permissions;
}
}
Permission enum:
public enum ApplicationUserPermission {
STUDENT_READ("student:read"),
STUDENT_WRITE("student:write"),
COURSE_READ("course:read"),
COURSE_WRITE("course:write");
private final String permission;
ApplicationUserPermission(String permission) {
this.permission = permission;
}
public String getPermission() {
return permission;
}
}
Would appreciate if someone would explain me the line in detail, if there is anything to analyze in the first place.
答案1
得分: 1
在Spring Security中,您可以使用ROLES和/或特权填充UserDetails的authorities。您处理此信息的方式取决于您的选择,因此引用的这一行代码只是将ApplicationUserRole与相同位置的特权添加在一起。
> 对于框架来说,差异是微小的 - 它基本上以完全相同的方式处理它们。
> Spring Security框架没有提供任何关于如何使用此概念的指导,因此选择完全取决于实现。
您可以在Spring Security配置中使用这个。
例如:
@Override
protected void configure(HttpSecurity http) throws Exception {
// ...
.antMatchers("/protectedbyrole").hasRole("STUDENT")
.antMatchers("/protectedbyauthority").hasAuthority("student:read")
// ...
}
在https://www.baeldung.com/spring-security-granted-authority-vs-role 链接中阅读更多。
英文:
In Spring Security, you can fill UserDetails authorities with ROLES and/or privilegies. The way you deal with this information is your choice, so what the quoted line is doing is just adding the ApplicationUserRole together the privilegies in the same place.
> For the framework, the difference is minimal – and it basically deals with these in exactly the same way.
> The Spring Security framework doesn't give any guidance in terms of how we should use the concept, so the choice is entirely implementation specific.
You could use that in Spring Security Configuration.
eg:
@Override
protected void configure(HttpSecurity http) throws Exception {
// ...
.antMatchers("/protectedbyrole").hasRole("STUDENT")
.antMatchers("/protectedbyauthority").hasAuthority("student:read")
// ...
}
Read more in https://www.baeldung.com/spring-security-granted-authority-vs-role.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论