Vaadin 14 和 Push:在请求线程外访问 Spring SecurityContext 和身份验证 [英] Vaadin 14 and Push: Accessing Spring SecurityContext and Authentication outside the request thread

问题描述

我遇到了和这个人一样的问题:https://vaadin.com/forum/thread/3383122/17008971

I had the same problem this guy had: https://vaadin.com/forum/thread/3383122/17008971

从服务器接收状态时，我尝试通过客户端上的推送(使用 ui.access)刷新内容.该内容需要当前校长的信息.

When receiving a status from the server I try to refresh content via push (using ui.access) on the client. That content needs the current principal's information.

final SecurityContext securityContext = SecurityContextHolder.getContext();
final Authentication authentication = securityContext.getAuthentication();

这个

authentication 

返回空值.

他使用 Vaadin Shared Security 解决了这个问题，但我找不到任何名为 Vaadin Shared Sec 的存储库或库.有没有其他方法可以解决这个问题?

He solved this problem using Vaadin Shared Security, but I can't find any repo or library called Vaadin Shared Sec. Are there any other ways to solve the problem?

推荐答案

为什么不直接在视图构造函数中获取身份验证详细信息并将它们设为类范围，或者让一个 bean 来执行此操作并设置其值?例如

Why not just get the auth details in the view constructor and make them class-scoped, or have a bean to do that and set its values ? E.g.

@Route("some-view")
public class SomeView extends VerticalLayout {
    Authentication authentication;
    private void doHeavyStuff() {
        try {
            Thread.sleep(1500);
        } catch (InterruptedException ex) {
            // ignore
        }
    }
    public SomeView() {
        authentication = SecurityContextHolder.getContext().getAuthentication();
        final Button button = new Button("Click me", e -> {
            Notification.show("CLICKED");
            getUI().ifPresent(ui -> {
                ExecutorService executor = Executors.newSingleThreadExecutor();
                executor.submit(() -> {
                    doHeavyStuff();
                    ui.access(() -> {
                        Notification.show("Calculation done");
                    });
                });
            });
        });
        add(button);
        // simple link to the logout endpoint provided by Spring Security
        Element logoutLink = ElementFactory.createAnchor("logout", "Logout");
        getElement().appendChild(logoutLink);
    }
}

我在本教程中基于此答案(也对其进行了测试)，如果您想了解更多信息:https://vaadin.com/learn/tutorials/使用 spring-security/speciale 保护您的应用程序

I based this answer (tested it as well) in this tutorial, if you want to learn more about it: https://vaadin.com/learn/tutorials/securing-your-app-with-spring-security/speciale

这篇关于Vaadin 14 和 Push:在请求线程外访问 Spring SecurityContext 和身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！