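Modifying Acegi authorities at runtime
The user's authorization information is stored in the SecurityContextHolder at login, and we can inspect it at any time.
The following code retrieves the current authorization information:
Authentication currentUser = SecurityContextHolder.getContext().getAuthentication();
UserDetailsImpl userDetails = (UserDetailsImpl) currentUser.getPrincipal();
GrantedAuthority[] gas = userDetails.getAuthorities();
Then I want to add some authorities to this array gas and put it back on the current user so that it takes effect.
userDetails.setAuthorities(gas);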
My web interface is made using acegi taglibs in order to render the menu only with granted options:
Code:
<authz:authorize ifAnyGranted="MENU1,MENU2">
But, after refreshing or rendering again the JSP, it looks like the new granted options are not available (or the user authorities are not updated) and I can't see the new menu options that I should see.
Could anyone help me with this? Any ideas?
Solution
Okay ... I found the solution.
The Acegi SecurityContext stores the user information in the ContextHolder, and you can get all the information about the authenticated user.
You can change the authorities in this way:
SecurityContext sc = SecurityContextHolder.getContext();
Authentication currentUser = sc.getAuthentication();
UserDetailsImpl userDetails = (UserDetailsImpl) currentUser.getPrincipal();
ArrayList authorities = new ArrayList(2);
authorities.add(new GrantedAuthorityImpl("DUMMY"));
userDetails.setAuthorities((GrantedAuthority[]) authorities.toArray(new GrantedAuthority[]{}));
But this is only valid for the life of the current thread. If you need to make this persistent every time you invoke the code above:
Code:
SecurityContext sc = SecurityContextHolder.getContext();
Authentication currentUser = sc.getAuthentication();
UserDetailsImpl userDetails = (UserDetailsImpl) currentUser.getPrincipal();
You have to re-authenticate the authentication token (in my case, a UsernamePasswordAuthenticationToken) in this way:
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(currentUser.getPrincipal(), currentUser.getCredentials(), (GrantedAuthority[]) authorities.toArray(new GrantedAuthority[]{}));
sc.setAuthentication(authentication);
SecurityContextHolder.setContext(sc);
Now, the changes will be available every time you need them.
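
The token replacement described above, as an added example that is not part of the original post: it merges the new role names into the authorities the token already carries instead of replacing them, and copies the old token's details onto the new one. The class name AuthorityRefresher and the method grant are hypothetical; only the org.acegisecurity types are Acegi's.

```java
import java.util.LinkedHashSet;
import java.util.Set;
import org.acegisecurity.Authentication;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;

// Hypothetical helper: the class and method names are assumptions, not Acegi API.
public final class AuthorityRefresher {

    private AuthorityRefresher() {
    }

    /** Adds roleNames to the current user's authorities and returns the new token. */
    public static Authentication grant(String[] roleNames) {
        SecurityContext sc = SecurityContextHolder.getContext();
        Authentication current = sc.getAuthentication();
        if (current == null || !current.isAuthenticated()) {
            throw new IllegalStateException("no authenticated user in the SecurityContext");
        }

        // Start from what is already granted; the set drops duplicate names.
        // Authorities without a string form (getAuthority() == null) are skipped.
        Set<String> names = new LinkedHashSet<String>();
        GrantedAuthority[] existing = current.getAuthorities();
        if (existing != null) {
            for (GrantedAuthority ga : existing) {
                if (ga.getAuthority() != null) {
                    names.add(ga.getAuthority());
                }
            }
        }
        for (String name : roleNames) {
            names.add(name);
        }

        GrantedAuthority[] merged = new GrantedAuthority[names.size()];
        int i = 0;
        for (String name : names) {
            merged[i++] = new GrantedAuthorityImpl(name);
        }

        // Same principal and credentials as in the post; only the authorities change.
        UsernamePasswordAuthenticationToken fresh = new UsernamePasswordAuthenticationToken(
                current.getPrincipal(), current.getCredentials(), merged);
        fresh.setDetails(current.getDetails()); // carry over the old token's details object
        sc.setAuthentication(fresh);
        return fresh;
    }
}
```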