扩展Jhipster JWT(Spring)整体应用程序以支持模拟 [英] Extending a Jhipster JWT (Spring) monolith application to support impersonation
问题描述
我已经生成了一个使用JWT身份验证的jhipster angular/java应用程序.
I have generated a jhipster angular/java application that is using JWT authentication.
我现在想扩展该应用程序以支持模拟.
我对实现以下目标感兴趣:
I am interested in achieving the following:
-
由管理员进行的模拟:允许管理员用户以任何其他用户身份登录
Impersonation by admin: Allowing the admin user to login as any other user
授予用户的假冒行为:允许已被授予模仿用户(由用户本身授予)的权限的另一个用户以该其他用户身份登录.
Impersonation granted to user: Allowing another user that has been granted the right to impersonate a user (granted by the user itself) to login as that other user.
审核-记录更改(审核功能)-审核记录必须能够区分实际用户和模拟用户,并将其记录在审核记录中.
Audit - recording changes (audit function) - the audit trail must be able to distinguish between the actual user and an impersonated user and record this in the audit trail.
我看到Spring支持模拟,但是对于使用JWT的人,我不清楚如何在Jhipster应用程序中正确实现它.我不确定Spring路线是否适合JHipster-JWT-Monolith应用程序-我认为这不是正确的方法.
I see that Spring supports impersonation but it is unclear to me how I can implement it properly in my Jhipster application given that JWT is used. I am not sure if the Spring route is appropriate for JHipster-JWT-Monolith application - I am of the opinion that it not the right approach.
虽然其他各种帖子上的信息不完整,但是经过大量搜索之后,我一直找不到能够提供清晰分步指南的帖子.如果有人能为我做到这一点,将不胜感激.我希望其他人也会发现这样的答案非常有用.
While there are some incomplete information on various other posts, after an extensive search I have been unable to find a post that can provide clear step by step guide on this. If somebody can do that for me it would be greatly appreciated. I expect others would also find such an answer very useful.
先谢谢了. 弗加尔(Fergal)
Thanks in advance. Fergal
推荐答案
您只需要在UserJwtController.java中添加以下方法
You just need to add below method in UserJwtController.java
@PostMapping("/authenticate-externalnodes")
public ResponseEntity<JWTToken> authenticateExternalnodes(@Valid @RequestBody LoginVM loginVM) {
// Get Roles for user via username
Set<Authority> authorities = userService.getUserWithAuthoritiesByLogin(loginVM.getUsername()).get()
.getAuthorities();
// Create Granted Authority Rules
Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
for (Authority authority : authorities) {
grantedAuthorities.add(new SimpleGrantedAuthority(authority.getName()));
}
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
loginVM.getUsername(), "", grantedAuthorities);
Authentication authentication = authenticationToken;
SecurityContextHolder.getContext().setAuthentication(authentication);
boolean rememberMe = (loginVM.isRememberMe() == null) ? false : loginVM.isRememberMe();
String jwt = tokenProvider.createToken(authentication, rememberMe);
HttpHeaders httpHeaders = new HttpHeaders();
httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer " + jwt);
return new ResponseEntity<>(new JWTToken(jwt), httpHeaders, HttpStatus.OK);
}
这篇关于扩展Jhipster JWT(Spring)整体应用程序以支持模拟的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!