如何从 Java 中的 UserPrincipal 获取角色?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/23911018/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to get Roles from UserPrincipal in Java?
提问by Nadendla
I created a class(Named as CustomRequestWrapper) which is implementing HttpServletRequestWrapper.In CustomRequestWrapperclass i am setting user principal.Now in my code i want to get list of roles from the user principal.I tried to use GenericPrincipal Class from tomcat-catalinajar but i am getting casting exception CustomRequestWrappercannot be cast to GenericPrincipal. Could any one have idea how to get roles from user principal?
我创建了一个类(命名为CustomRequestWrapper),它正在实现HttpServletRequestWrapper。在CustomRequestWrapper类中,我正在设置用户主体。现在在我的代码中,我想从用户主体获取角色列表。我尝试使用tomcat-catalinajar 中的GenericPrincipal 类但我遇到了转换异常CustomRequestWrapper无法转换为GenericPrincipal。任何人都可以知道如何从用户主体获取角色吗?
Note: I am using Apache Tomcat Server
注意:我使用的是 Apache Tomcat 服务器
Here's my code:
这是我的代码:
public class CustomRequestWrapper extends javax.servlet.http.HttpServletRequestWrapper {
public CustomRequestWrapper(String User,List<String> roles,HttpServletRequest request) {
super(request);
this.user=User;
this.roles=roles;
this.realRequest=request;
headerMap = new HashMap();
}
String user;
List<String> roles = null;
HttpServletRequest realRequest;
private Map headerMap;
public void addHeader(String name, String value) {
headerMap.put(name, new String(value));
}
public Enumeration getHeaderNames() {
HttpServletRequest request = (HttpServletRequest) getRequest();
List list = new ArrayList();
for (Enumeration e = request.getHeaderNames(); e.hasMoreElements();) {
list.add(e.nextElement().toString());
}
for (Iterator i = headerMap.keySet().iterator(); i.hasNext();) {
list.add(i.next());
}
return Collections.enumeration(list);
}
public String getHeader(String name) {
Object value;
if ((value = headerMap.get("" + name)) != null)
return value.toString();
else
return ((HttpServletRequest) getRequest()).getHeader(name);
}
@override
public boolean isUserInRole(String role) {
if (roles == null) {
return this.realRequest.isUserInRole(role);
}
return roles.contains(role);
}
@override
public Principal getUserPrincipal() {
if (this.user == null) {
return realRequest.getUserPrincipal();
}
// make an anonymous implementation to just return our user
return new Principal() {
public String getName() {
return user;
}
};
}
}
}
采纳答案by Serge Ballesta
From your code, you inject the username and the roles into your CustomRequestWrapperin constructor. As you have overriden getUserPrincipalin CustomRequestWrapperit returns no longer a tomcat GenericPrincipalbut your anonymous class that only knows to return the name of the user you gave, this via getName(). You should try to return a tomcat GenericPrincipalthrough
从您的代码中,您将用户名和角色注入到您的CustomRequestWrapperin 构造函数中。由于您已经覆盖它getUserPrincipal,CustomRequestWrapper它不再返回一个 tomcat,GenericPrincipal而是您的匿名类,它只知道返回您提供的用户名,这通过getName(). 你应该尝试返回了tomcatGenericPrincipal通过
@Override
public Principal getUserPrincipal()
{
if (this.user == null)
{
return realRequest.getUserPrincipal();
}
// return a forged GenericPrincipal
return new GenericPrincipal(user, "", roles);
}
Alternatively, you could create a custom implementation of Principal knowing about roles.
或者,您可以创建一个了解角色的 Principal 的自定义实现。
That will only work if you successfully inject your user and its roles at CustomRequestWrapperconstruction.
只有当您在CustomRequestWrapper构建时成功注入用户及其角色时,这才会起作用。
回答by tmarwen
The exception you mentioned may be the key to solve your issue
您提到的异常可能是解决您问题的关键
CustomRequestWrapper cannot be cast to GenericPrincipal
You have to cast the Principalobject and not the CustomRequestWrapper. Here is a sample method that you can add under your CustomRequestWrapperclass and which should return the list of user roles under Tomcat AS. (I assume that this is a messy method):
您必须投射Principal对象而不是CustomRequestWrapper. 这是您可以在您的CustomRequestWrapper类下添加的示例方法,它应该返回 Tomcat AS 下的用户角色列表。(我认为这是一个凌乱的方法):
private String[] getRolePrincipal() {
final GenericPrincipal genericPrincipal = (GenericPrincipal) getUserPrincipal();
return genericPrincipal.getRoles();
}
So the final CustomRequestWrapperwill be as follows:
所以最终的结果CustomRequestWrapper如下:
public class CustomRequestWrapper extends javax.servlet.http.HttpServletRequestWrapper
{
public CustomRequestWrapper(String User, List<String> roles, HttpServletRequest request)
{
super(request);
this.user = User;
this.roles = roles;
this.realRequest = request;
headerMap = new HashMap();
}
String user;
List<String> roles = null;
HttpServletRequest realRequest;
private Map headerMap;
public void addHeader(String name, String value)
{
headerMap.put(name, new String(value));
}
public Enumeration getHeaderNames()
{
HttpServletRequest request = (HttpServletRequest) getRequest();
List list = new ArrayList();
for (Enumeration e = request.getHeaderNames(); e.hasMoreElements(); )
{
list.add(e.nextElement().toString());
}
for (Iterator i = headerMap.keySet().iterator(); i.hasNext(); )
{
list.add(i.next());
}
return Collections.enumeration(list);
}
public String getHeader(String name)
{
Object value;
if ((value = headerMap.get("" + name)) != null)
return value.toString();
else
return ((HttpServletRequest) getRequest()).getHeader(name);
}
@Override
public boolean isUserInRole(String role)
{
if (roles == null)
{
return this.realRequest.isUserInRole(role);
}
return roles.contains(role);
}
@Override
public Principal getUserPrincipal()
{
if (this.user == null)
{
return realRequest.getUserPrincipal();
}
// make an anonymous implementation to just return our user
return new Principal()
{
public String getName()
{
return user;
}
};
}
public String[] getRolePrincipal() {
final GenericPrincipal genericPrincipal = (GenericPrincipal) getUserPrincipal();
return genericPrincipal.getRoles();
}
}
