如何从 Spring security 3.1 获取当前用户角色
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10092882/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How can I get the current user roles from Spring security 3.1
提问by Bhas
I have loaded the roles from the database for the current user. And I can access the user role with spring security expression in JSP, and can hide the options and URLs which are not authorized with hasRole. Now I wanted to have it in the servlet and display it in the logs (or store in the user object session). How can we achieve it?
我已经从数据库中为当前用户加载了角色。并且我可以在JSP中使用spring security表达式访问用户角色,并且可以隐藏未经hasRole授权的选项和URL。现在我想将它放在 servlet 中并在日志中显示它(或存储在用户对象会话中)。我们怎样才能实现它?
回答by Dani
You can try something like this:
你可以尝试这样的事情:
Collection<SimpleGrantedAuthority> authorities = (Collection<SimpleGrantedAuthority>) SecurityContextHolder.getContext().getAuthentication().getAuthorities();
You have the collection of roles in the authorities variable.
您有权限变量中的角色集合。
回答by Bogusz
If you develop on Java 8, it's getting easier.
如果您在 Java 8 上开发,它会变得更容易。
To get all user roles:
获取所有用户角色:
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
Set<String> roles = authentication.getAuthorities().stream()
.map(r -> r.getAuthority()).collect(Collectors.toSet());
To check if the user has a particular role, for example, ROLE_USER:
要检查用户是否具有特定角色,例如,ROLE_USER:
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
boolean hasUserRole = authentication.getAuthorities().stream()
.anyMatch(r -> r.getAuthority().equals("ROLE_USER"));
回答by maximdim
Try to call getUserPrincipal()from HttpServletRequest.
尝试从 HttpServletRequest调用getUserPrincipal()。
回答by Alireza Fattahi
To complete both answers...
要完成两个答案...
Here is a Spring security implementation of getUserPrincipal, so you can see that the getUserPrincipalactually is SecurityContextHolder
这是 的 Spring 安全实现getUserPrincipal,因此您可以看到getUserPrincipal实际上是 SecurityContextHolder
public Principal getUserPrincipal() {
Authentication auth = getAuthentication();
if ((auth == null) || (auth.getPrincipal() == null)) {
return null;
}
return auth;
}
// And the getAuthentication
private Authentication getAuthentication() {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (!trustResolver.isAnonymous(auth)) {
return auth;
}
return null;
}
回答by Sebastian U.
I've created a custom hasRolefunction for my project.
我hasRole为我的项目创建了一个自定义函数。
public static boolean hasRole (String roleName)
{
return SecurityContextHolder.getContext().getAuthentication().getAuthorities().stream()
.anyMatch(grantedAuthority -> grantedAuthority.getAuthority().equals(roleName));
}
