add spring security roles and privileges

Author: Doha2012

spring-security-login-and-registration/src/main/java/org/baeldung/persistence/dao/PrivilegeRepository.java

@@ -0,0 +1,8 @@
+package org.baeldung.persistence.dao;
+
+import org.baeldung.persistence.model.Privilege;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+public interface PrivilegeRepository extends JpaRepository<Privilege, Long> {
+    public Privilege findByName(String name);
+}

spring-security-login-and-registration/src/main/java/org/baeldung/persistence/dao/RoleRepository.java

@@ -0,0 +1,8 @@
+package org.baeldung.persistence.dao;
+
+import org.baeldung.persistence.model.Role;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+public interface RoleRepository extends JpaRepository<Role, Long> {
+    public Role findByName(String name);
+}

spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/Privilege.java

@@ -0,0 +1,85 @@
+package org.baeldung.persistence.model;
+
+import java.util.Collection;
+
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.ManyToMany;
+import javax.persistence.Table;
+
+@Entity
+@Table
+public class Privilege {
+    @Id
+    @GeneratedValue(strategy = GenerationType.AUTO)
+    private Long id;
+
+    private String name;
+
+    @ManyToMany(mappedBy = "privileges")
+    private Collection<Role> roles;
+
+    public Privilege() {
+        super();
+    }
+
+    public Privilege(String name) {
+        super();
+        this.name = name;
+    }
+
+    public Long getId() {
+        return id;
+    }
+
+    public void setId(Long id) {
+        this.id = id;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public Collection<Role> getRoles() {
+        return roles;
+    }
+
+    public void setRoles(Collection<Role> roles) {
+        this.roles = roles;
+    }
+
+    @Override
+    public int hashCode() {
+        final int prime = 31;
+        int result = 1;
+        result = prime * result + ((name == null) ? 0 : name.hashCode());
+        return result;
+    }
+
+    @Override
+    public boolean equals(final Object obj) {
+        if (this == obj)
+            return true;
+        if (obj == null)
+            return false;
+        if (getClass() != obj.getClass())
+            return false;
+        final Privilege privilege = (Privilege) obj;
+        if (!privilege.equals(privilege.name))
+            return false;
+        return true;
+    }
+
+    @Override
+    public String toString() {
+        final StringBuilder builder = new StringBuilder();
+        builder.append("Privilege [name=").append(name).append("]").append("[id=").append(id).append("]");
+        return builder.toString();
+    }
+}

spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/Role.java

@@ -1,14 +1,17 @@
 package org.baeldung.persistence.model;
 
+import java.util.Collection;
+
 import javax.persistence.CascadeType;
 import javax.persistence.Entity;
-import javax.persistence.FetchType;
 import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
-import javax.persistence.JoinColumn;
-import javax.persistence.OneToOne;
+import javax.persistence.JoinTable;
+import javax.persistence.ManyToMany;
+import javax.persistence.OneToMany;
 import javax.persistence.Table;
+import javax.persistence.JoinColumn;
 
 @Entity
 @Table
@@ -18,25 +21,22 @@ public class Role {
     @GeneratedValue(strategy = GenerationType.AUTO)
     private Long id;
 
-    @OneToOne(targetEntity = User.class, fetch = FetchType.EAGER, cascade = CascadeType.ALL)
-    @JoinColumn(name = "user_id")
-    private User user;
+    @OneToMany(mappedBy = "role")
+    private Collection<User> users;
 
-    private Integer role;
+    @ManyToMany(cascade = CascadeType.ALL)
+    @JoinTable(name = "roles_privileges", joinColumns = @JoinColumn(name = "role_id", referencedColumnName = "id"), inverseJoinColumns = @JoinColumn(name = "privilege_id", referencedColumnName = "id"))
+    private Collection<Privilege> privileges;
 
-    public Role() {
-        super();
-    }
+    private String name;
 
-    public Role(Integer role) {
+    public Role() {
         super();
-        this.role = role;
     }
 
-    public Role(Integer role, User user) {
+    public Role(String name) {
         super();
-        this.role = role;
-        this.user = user;
+        this.name = name;
     }
 
     public Long getId() {
@@ -47,27 +47,35 @@ public void setId(Long id) {
         this.id = id;
     }
 
-    public User getUser() {
-        return user;
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public Collection<User> getUsers() {
+        return users;
     }
 
-    public void setUser(User user) {
-        this.user = user;
+    public void setUsers(Collection<User> users) {
+        this.users = users;
     }
 
-    public Integer getRole() {
-        return role;
+    public Collection<Privilege> getPrivileges() {
+        return privileges;
     }
 
-    public void setRole(Integer role) {
-        this.role = role;
+    public void setPrivileges(Collection<Privilege> privileges) {
+        this.privileges = privileges;
     }
 
     @Override
     public int hashCode() {
         final int prime = 31;
         int result = 1;
-        result = prime * result + ((role == null) ? 0 : role.hashCode());
+        result = prime * result + ((name == null) ? 0 : name.hashCode());
         return result;
     }
 
@@ -80,15 +88,15 @@ public boolean equals(final Object obj) {
         if (getClass() != obj.getClass())
             return false;
         final Role role = (Role) obj;
-        if (!role.equals(role.role))
+        if (!role.equals(role.name))
             return false;
         return true;
     }
 
     @Override
     public String toString() {
         final StringBuilder builder = new StringBuilder();
-        builder.append("Role [role=").append(role).append("]").append("[id=").append(id).append("]");
+        builder.append("Role [name=").append(name).append("]").append("[id=").append(id).append("]");
         return builder.toString();
     }
 }

spring-security-login-and-registration/src/main/java/org/baeldung/persistence/model/User.java

@@ -1,16 +1,16 @@
 package org.baeldung.persistence.model;
 
-import javax.persistence.CascadeType;
-//ERASE
-import javax.persistence.Column;
+
 import javax.persistence.Entity;
-import javax.persistence.FetchType;
 import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
-import javax.persistence.OneToOne;
+import javax.persistence.JoinColumn;
+import javax.persistence.ManyToOne;
+import javax.persistence.Table;
 
 @Entity
+@Table
 public class User {
 
     @Id
@@ -29,7 +29,8 @@ public class User {
 
     private boolean tokenExpired;
 
-    @OneToOne(mappedBy = "user", fetch = FetchType.EAGER, cascade = CascadeType.ALL)
+    @ManyToOne(optional = false)
+    @JoinColumn(name = "role_id")
     private Role role;
 
     public User() {

spring-security-login-and-registration/src/main/java/org/baeldung/persistence/service/UserService.java

@@ -2,9 +2,9 @@
 
 import javax.transaction.Transactional;
 
+import org.baeldung.persistence.dao.RoleRepository;
 import org.baeldung.persistence.dao.UserRepository;
 import org.baeldung.persistence.dao.VerificationTokenRepository;
-import org.baeldung.persistence.model.Role;
 import org.baeldung.persistence.model.User;
 import org.baeldung.persistence.model.VerificationToken;
 import org.baeldung.validation.EmailExistsException;
@@ -24,6 +24,9 @@ public class UserService implements IUserService {
     @Autowired
     private PasswordEncoder passwordEncoder;
 
+    @Autowired
+    private RoleRepository roleRepository;
+    
     // API
 
     @Override
@@ -38,7 +41,7 @@ public User registerNewUserAccount(UserDto accountDto) throws EmailExistsExcepti
         user.setPassword(passwordEncoder.encode(accountDto.getPassword()));
         user.setEmail(accountDto.getEmail());
 
-        user.setRole(new Role(Integer.valueOf(1), user));
+        user.setRole(roleRepository.findByName("ROLE_USER"));
         return repository.save(user);
     }
 
@@ -77,4 +80,4 @@ private boolean emailExist(String email) {
         return false;
     }
 
-}
+}

spring-security-login-and-registration/src/main/java/org/baeldung/security/MySimpleUrlAuthenticationSuccessHandler.java

@@ -48,11 +48,11 @@ protected String determineTargetUrl(Authentication authentication) {
         boolean isAdmin = false;
         Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
         for (GrantedAuthority grantedAuthority : authorities) {
-            if (grantedAuthority.getAuthority().equals("ROLE_USER")) {
+            if (grantedAuthority.getAuthority().equals("READ_PRIVILEGE")) {
                 isUser = true;
-                break;
-            } else if (grantedAuthority.getAuthority().equals("ROLE_ADMIN")) {
+            } else if (grantedAuthority.getAuthority().equals("WRITE_PRIVILEGE")) {
                 isAdmin = true;
+                isUser = false;
                 break;
             }
         }

spring-security-login-and-registration/src/main/java/org/baeldung/security/MyUserDetailsService.java

@@ -7,7 +7,10 @@
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.baeldung.persistence.dao.RoleRepository;
 import org.baeldung.persistence.dao.UserRepository;
+import org.baeldung.persistence.model.Privilege;
+import org.baeldung.persistence.model.Role;
 import org.baeldung.persistence.model.User;
 import org.baeldung.persistence.service.IUserService;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -27,7 +30,9 @@ public class MyUserDetailsService implements UserDetailsService {
     private IUserService service;
     @Autowired
     private MessageSource messages;
-
+    @Autowired
+    private RoleRepository roleRepository;
+    
     public MyUserDetailsService() {
 
     }
@@ -40,34 +45,33 @@ public UserDetails loadUserByUsername(String email) throws UsernameNotFoundExcep
         try {
             User user = userRepository.findByEmail(email);
             if (user == null) {
-                return new org.springframework.security.core.userdetails.User(" ", " ", enabled, true, true, true, getAuthorities(new Integer(1)));
+                return new org.springframework.security.core.userdetails.User(" ", " ", enabled, true, true, true, getAuthorities(roleRepository.findByName("ROLE_USER")));
             }
 
-            return new org.springframework.security.core.userdetails.User(user.getEmail(), user.getPassword(), user.isEnabled(), accountNonExpired, credentialsNonExpired, accountNonLocked, getAuthorities(user.getRole().getRole()));
+            return new org.springframework.security.core.userdetails.User(user.getEmail(), user.getPassword(), user.isEnabled(), accountNonExpired, credentialsNonExpired, accountNonLocked, getAuthorities(user.getRole()));
         } catch (Exception e) {
             throw new RuntimeException(e);
         }
     }
 
-    private Collection<? extends GrantedAuthority> getAuthorities(Integer role) {
-        List<GrantedAuthority> authList = getGrantedAuthorities(getRoles(role));
+    private Collection<? extends GrantedAuthority> getAuthorities(Role roleName) {
+        List<GrantedAuthority> authList = getGrantedAuthorities(getPrivileges(roleName));
         return authList;
     }
 
-    public List<String> getRoles(Integer role) {
-        List<String> roles = new ArrayList<String>();
-        if (role.intValue() == 2) {
-            roles.add("ROLE_ADMIN");
-        } else if (role.intValue() == 1) {
-            roles.add("ROLE_USER");
+    public List<String> getPrivileges(Role role) {
+        List<String> privileges = new ArrayList<String>();
+        Collection<Privilege> collection = role.getPrivileges();
+        for (Privilege item : collection) {
+            privileges.add(item.getName());
         }
-        return roles;
+        return privileges;
     }
 
-    private static List<GrantedAuthority> getGrantedAuthorities(List<String> roles) {
+    private static List<GrantedAuthority> getGrantedAuthorities(List<String> privileges) {
         List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
-        for (String role : roles) {
-            authorities.add(new SimpleGrantedAuthority(role));
+        for (String privilege : privileges) {
+            authorities.add(new SimpleGrantedAuthority(privilege));
         }
         return authorities;
     }