Glassfish安全:角色更改应立即生效 [英] Glassfish Security: Role changes should take effect immediately
问题描述
我正在使用JDBC领域进行身份验证和授权。当我从数据库中的用户删除角色时,更改不会立即反映在应用程序中,只会在下次用户登录时反映出来。角色更改是否可能立即生效?我知道我必须把这个逻辑放在应用程序本身,但我不知道如何在他登录时将这些更改应用于特定用户。我正在使用GF 3.1。
I'm using a JDBC realm for authentication and authorization. When I remove a role from a user in the DB, the changes are not reflected immediately in the application, only at the next user login. Is it possible that role changes take effect immediately? I know I have to put this logic in the application itself, but I don't know how to apply this changes to a specific user while he's logged in. I'm using GF 3.1.
推荐答案
没有API提供的方法。您最好的选择是将登录用户( UserPrincipal )包装在您自己的用户模型对象中(可以是作为同一个表的良好(JPA)实体,它允许更改角色,然后在 Filter 和 HttpSessionListener 。最后,在管理面板中,只需检查set / map中是否有 User ,然后相应地获取并更改它。它将立即反映给实际的最终用户。
There are no API-provided ways for this. Your best bet is to wrap the logged-in user (the UserPrincipal) in your own User model object (can be as good a (JPA) entity of the very same table) which allows changing the role and then collect all logged-in users in some static/application-wide set/map with help of a Filter and HttpSessionListener. Finally, in the admin panel, just check if the User is there in the set/map then get and alter it accordingly. It'll be reflected immediately for the actual enduser.
- How to listen on realm events?
- How to check which users are all logged-in?
这篇关于Glassfish安全:角色更改应立即生效的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
