Spring Security(Third Edition)
上QQ阅读APP看书,第一时间看更新
上一章目录下一章

Defining user authorities

You may have noticed that there is no indication if a user is an administrator or a regular user. The next file specifies a direct mapping of the user to the corresponding authorities. If a user did not have an authority mapped to it, Spring Security would not allow that user to be logged in:

    //src/main/resources/database/h2/security-user-authorities.sql

    insert into authorities(username,authority)
       values ('user1@example.com','ROLE_USER');
    insert into authorities(username,authority)
      values ('admin1@example.com','ROLE_ADMIN');
    insert into authorities(username,authority)
       values ('admin1@example.com','ROLE_USER');
    insert into authorities(username,authority)
       values ('user2@example.com','ROLE_USER');
    insert into authorities(username,authority)
       values ('disabled1@example.com','ROLE_USER');

After the SQL is added to the embedded database configuration, we should be able to start the application and log in. Try logging in with the new user using disabled1@example.com as the username and disabled1 as the password. Notice that Spring Security does not allow the user to log in and provides the error message Reason: User is disabled.

Your code should now look like this: calendar04.01-calendar.

上一章目录下一章