How to do impersonation in Spring

Problem description

We have multiple portals Employer-portal, Employee-portal and Admin-portal , All three portals are deployed separately. All portals follow spring-mvc pattern. And we used spring security and using openId for login and logout.

Now we want to give admin-portal feature that admin can impersonate as employee and employer and do things on their behalf.

Can anybody with previous experience guide me on how to work on it, or share any good article which I can read to get good knowledge of it?

Thanks

Recommended answer

From your question, it doesn't sound like you really want 'runAsManager'.

One way would be to use something like an 'impersonate' method, which itself would need to be secured of course, maybe using method level security annotations.

For that, you can use something like:

@PreAuthorize("hasRole('ROLE_ADMIN')")

Essentially, what you need to do is to build an authentication object and populate the Security Context (ThreadLocal) with that.

Something like:

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

Authentication other = createAuthentication(someUsername); // Implement this: build an Authentication for the target user
SecurityContextHolder.getContext().setAuthentication(other); // replaces the current principal in the thread-local context

I can see the appeal of this approach, but of course, whether or not it's a good idea depends on what you're allowing admins to do on the user's behalf. Spend their money? See their emails? If the use case is valid, at least audit this kind of operation.

Once impersonating another user like this, the current user will need to log out and log in again to switch back to their own account.
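The following is an added example of the 'impersonate' method the answer sketches, not code from the answer or from the portals described in the question. It assumes a Spring `UserDetailsService` bean that can load employee and employer accounts, guards the method with the `@PreAuthorize` annotation mentioned above, writes an audit log line before switching, and uses Spring Security's `SwitchUserGrantedAuthority` (the same mechanism its built-in `SwitchUserFilter` uses) to carry the admin's original `Authentication` along, so the admin can switch back without the logout/login round trip the answer describes. The class and method names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority;
import org.springframework.stereotype.Service;

/**
 * Hypothetical admin-portal service (added example, not from the original post).
 * Builds an Authentication for the target user and installs it in the
 * SecurityContext, keeping the admin's own Authentication for switching back.
 */
@Service
public class ImpersonationService {

    private static final Logger log = LoggerFactory.getLogger(ImpersonationService.class);

    /** Marker role granted while impersonating; same default name SwitchUserFilter uses. */
    public static final String ROLE_PREVIOUS_ADMINISTRATOR = "ROLE_PREVIOUS_ADMINISTRATOR";

    private final UserDetailsService userDetailsService; // assumed bean: loads employee/employer accounts

    public ImpersonationService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    /** Method-level security: only an authenticated admin may switch to another user. */
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public Authentication impersonate(String targetUsername) {
        Authentication admin = SecurityContextHolder.getContext().getAuthentication();
        Objects.requireNonNull(admin, "no authenticated admin in the security context");

        // Refuse nested impersonation: the source must be the admin's real session.
        if (findSwitchAuthority(admin) != null) {
            throw new IllegalStateException("already impersonating; exit first");
        }

        UserDetails target = userDetailsService.loadUserByUsername(targetUsername);
        if (!target.isEnabled() || !target.isAccountNonLocked()) {
            throw new IllegalStateException("target account is disabled or locked");
        }

        // Target's own authorities plus a switch-back authority that carries the admin's Authentication.
        List<GrantedAuthority> authorities = new ArrayList<>(target.getAuthorities());
        authorities.add(new SwitchUserGrantedAuthority(ROLE_PREVIOUS_ADMINISTRATOR, admin));

        // No credentials are involved; the three-argument constructor marks the token as authenticated.
        Authentication other = new UsernamePasswordAuthenticationToken(target, null, authorities);

        // Audit before switching so the log entry is attributed to the admin, not the target.
        log.warn("AUDIT impersonation start admin={} target={}", admin.getName(), targetUsername);
        SecurityContextHolder.getContext().setAuthentication(other);
        return other;
    }

    /** Restores the admin's original Authentication without a logout/login round trip. */
    public Authentication exitImpersonation() {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        SwitchUserGrantedAuthority switched = current == null ? null : findSwitchAuthority(current);
        if (switched == null) {
            throw new IllegalStateException("not impersonating");
        }
        Authentication admin = switched.getSource();
        log.warn("AUDIT impersonation end admin={} target={}", admin.getName(), current.getName());
        SecurityContextHolder.getContext().setAuthentication(admin);
        return admin;
    }

    private static SwitchUserGrantedAuthority findSwitchAuthority(Authentication auth) {
        for (GrantedAuthority ga : auth.getAuthorities()) {
            if (ga instanceof SwitchUserGrantedAuthority) {
                return (SwitchUserGrantedAuthority) ga;
            }
        }
        return null;
    }
}
```

Two points to check in a real deployment: `setAuthentication` only changes the thread-local context of the current request, so the switched context must also be persisted to the HTTP session (Spring Security 5 does this at the end of the request; Spring Security 6 requires saving it explicitly through the `SecurityContextRepository`), and the `ROLE_PREVIOUS_ADMINISTRATOR` authority makes every impersonated request distinguishable from a genuine user session, which is what the audit trail and any "is this really the user?" checks (payments, e-mail access) should key on.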
