Spring Security: How To add extra role to authenticated user
I have an application which works with REST services and Spring Security. I have Basic authentication and I need to have hard and soft login.
Scenario is: when a user logs in he is assigned ROLE_SOFT and has access to the URL which requires ROLE_SOFT, but if he wants to have access to the URL which requires ROLE_HARD, he must send some code or something to a specified web service.
So I read this: Acegi Security: How do I add another GrantedAuthority to Authentication to anonymous user
After that I created my:
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

// Wraps an existing Authentication and reports one extra authority (ROLE_HARD)
public class AuthenticationWrapper implements Authentication
{
    private Authentication original;

    public AuthenticationWrapper(Authentication original)
    {
        this.original = original;
    }

    public String getName() { return original.getName(); }
    public Object getCredentials() { return original.getCredentials(); }
    public Object getDetails() { return original.getDetails(); }
    public Object getPrincipal() { return original.getPrincipal(); }
    public boolean isAuthenticated() { return original.isAuthenticated(); }

    public void setAuthenticated( boolean isAuthenticated ) throws IllegalArgumentException
    {
        original.setAuthenticated( isAuthenticated );
    }

    public Collection<? extends GrantedAuthority> getAuthorities() {
        System.out.println("EXISTING ROLES:");
        System.out.println("Size=:" + original.getAuthorities().size());
        for (GrantedAuthority iterable : original.getAuthorities()) {
            System.out.println(iterable.getAuthority());
        }
        GrantedAuthority newrole = new SimpleGrantedAuthority("ROLE_HARD");
        System.out.println("ADD new ROLE:" + newrole.getAuthority());
        // copy the original authorities and append the extra one
        Collection<? extends GrantedAuthority> originalRoles = original.getAuthorities();
        ArrayList<GrantedAuthority> temp = new ArrayList<GrantedAuthority>(originalRoles.size() + 1);
        temp.addAll(originalRoles);
        temp.add(newrole);
        System.out.println("RETURN NEW LIST SIZE" + temp.size());
        for (GrantedAuthority grantedAuthority : temp) {
            System.out.println("NEW ROLES:" + grantedAuthority.getAuthority());
        }
        return Collections.unmodifiableList(temp);
    }
}
and the controller:
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
@RequestMapping("/login")
public class LoginControllerImpl implements LoginController {
    LoginService loginService;

    @RequestMapping(method = RequestMethod.GET, headers = "Accept=application/json")
    @ResponseBody
    public User getUserSettings() {
        loginService = new LoginServiceImpl();
        // replace the current Authentication with the wrapper that adds ROLE_HARD
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        AuthenticationWrapper wrapper = new AuthenticationWrapper(auth);
        SecurityContextHolder.getContext().setAuthentication( wrapper );
        return loginService.getUser();
    }
}
But after I change the Authentication my session goes down... Maybe someone knows a better solution...
Just an idea... If the user logs in the first time using a login form and needs to access a resource which requires an additional authority, then why not redirect the user back to the login page for a second time?
<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/resources/**" access="denyAll"/>
    <intercept-url pattern="/login.do" access="permitAll"/>
    <intercept-url pattern="/role_soft_url_domain/*" access="hasRole('ROLE_SOFT') and fullyAuthenticated"/>
    <intercept-url pattern="/role_hard_url_domain/*" access="hasRole('ROLE_HARD') and fullyAuthenticated"/>
    <intercept-url pattern="/*" access="hasRole('ROLE_SOFT')"/>
    <form-login login-page="/login.do" />
    <logout invalidate-session="true"
            logout-success-url="/"
            logout-url="/j_spring_security_logout"/>
</http>
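An added example (not code from either post) showing the approach the question is reaching for without a custom Authentication wrapper: once the step-up code the user sent has been verified, replace the current Authentication with a standard UsernamePasswordAuthenticationToken that carries the original authorities plus ROLE_HARD. StepUpCodeVerifier and StepUpAuthenticationService are hypothetical names; the verifier stands in for whatever the web service in the question does.

```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

/** Hypothetical step-up service: grants ROLE_HARD only after the extra code is verified. */
public class StepUpAuthenticationService {

    private static final String ROLE_HARD = "ROLE_HARD";

    // Hypothetical collaborator that checks the code against the web service.
    private final StepUpCodeVerifier verifier;

    public StepUpAuthenticationService(StepUpCodeVerifier verifier) {
        this.verifier = verifier;
    }

    /** Returns true when ROLE_HARD is present afterwards, false when the code is rejected. */
    public boolean elevate(String code) {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (current == null || !current.isAuthenticated()) {
            return false; // nothing to elevate; never grant ROLE_HARD to an anonymous session
        }
        if (hasRole(current, ROLE_HARD)) {
            return true;  // already stepped up
        }
        if (!verifier.verify(current.getName(), code)) {
            return false; // wrong code: the user keeps ROLE_SOFT only
        }
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(current.getAuthorities());
        authorities.add(new SimpleGrantedAuthority(ROLE_HARD));
        // Build the same kind of token Spring Security's own filters produce; the
        // three-argument constructor marks it authenticated, and the session-backed
        // SecurityContext persists it at the end of the request.
        Authentication elevated = new UsernamePasswordAuthenticationToken(
                current.getPrincipal(), current.getCredentials(), authorities);
        SecurityContextHolder.getContext().setAuthentication(elevated);
        return true;
    }

    private static boolean hasRole(Authentication auth, String role) {
        for (GrantedAuthority ga : auth.getAuthorities()) {
            if (role.equals(ga.getAuthority())) return true;
        }
        return false;
    }

    /** Hypothetical interface for the code check the question describes. */
    public interface StepUpCodeVerifier {
        boolean verify(String username, String code);
    }
}
```

The ROLE_HARD URLs stay protected by the hasRole('ROLE_HARD') rules in the answer's configuration; elevate is only called from the endpoint that receives the code, so the role is never granted on an ordinary request.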