如何检查 Spring Security 的用户身份验证并从 Flex 获取角色? [英] How can I check Spring Security for user authentication and get roles from Flex?
问题描述
我正在使用 Spring、Spring Security、BlazeDS、Flex 和 spring-flex.
I'm using Spring, Spring Security, BlazeDS, Flex and spring-flex.
我知道我可以调用 channelSet.login() 和 channelSet.logout() 来挂钩 Spring Security 进行身份验证.channelSet.authenticated 显然只知道当前的 Flex 会话,因为它总是以 false 开始,直到您调用 channelSet.login().
I know that I can call channelSet.login() and channelSet.logout() to hook into Spring Security for authentication. channelSet.authenticated apparently only knows about the current Flex session, as it always starts off as false, until you call channelSet.login().
我想做什么:
- 通过 Flex 检查以了解用户是否已在会话中.
- 如果是这样,我想要他们的用户名和角色.
更新
我只是想我会在下面的 brd6644 的回答中添加我使用的解决方案的详细信息,这样可能会更容易对于查找此内容的其他人.我使用了这个 StackOverflow 答案使 SecurityContext 可注入.我不会在这个答案中重写该答案的代码,因此请查看 SecurityContextFacade.
UPDATE
I just thought I'd add details of the solution I used from brd6644's answer below, so that this might be easier for someone else who looks this up. I used this StackOverflow answer to make the SecurityContext injectable. I won't be rewriting the code from that answer in this one, so go look at it for the SecurityContextFacade.
securityServiceImpl.java
public class SecurityServiceImpl implements SecurityService {
private SecurityContextFacade securityContextFacade;
@Secured({"ROLE_PEON"})
public Map<String, Object> getUserDetails() {
Map<String,Object> userSessionDetails = new HashMap<String, Object>();
SecurityContext context = securityContextFacade.getContext();
Authentication auth = context.getAuthentication();
UserDetails userDetails = (UserDetails) auth.getPrincipal();
ArrayList roles = new ArrayList();
GrantedAuthority[] grantedRoles = userDetails.getAuthorities();
for (int i = 0; i < grantedRoles.length; i++) {
roles.add(grantedRoles[i].getAuthority());
}
userSessionDetails.put("username", userDetails.getUsername());
userSessionDetails.put("roles", roles);
return userSessionDetails;
}
}
securityContext.xml
<security:http auto-config="true">
<!-- Don't authenticate Flex app -->
<security:intercept-url pattern="/flexAppDir/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- Don't authenticate remote calls -->
<security:intercept-url pattern="/messagebroker/amfsecure" access="IS_AUTHENTICATED_ANONYMOUSLY" />
</security:http>
<security:global-method-security secured-annotations="enabled" />
<bean id="securityService" class="ext.domain.project.service.SecurityServiceImpl">
<property name="securityContextFacade" ref="securityContextFacade" />
</bean>
<bean id="securityContextFacade" class="ext.domain.spring.security.SecurityContextHolderFacade" />
flexContext.xml
<flex:message-broker>
<flex:secured />
</flex:message-broker>
<flex:remoting-destination ref="securityService" />
<security:http auto-config="true" session-fixation-protection="none"/>
FlexSecurityTest.mxml
<mx:Application ... creationComplete="init()">
<mx:Script><![CDATA[
[Bindable]
private var userDetails:UserDetails; // custom VO to hold user details
private function init():void {
security.getUserDetails();
}
private function showFault(e:FaultEvent):void {
if (e.fault.faultCode == "Client.Authorization") {
Alert.show("You need to log in.");
// show the login form
} else {
// submit a ticket
}
}
private function showResult(e:ResultEvent):void {
userDetails = new UserDetails();
userDetails.username = e.result.username;
userDetails.roles = e.result.roles;
// show user the application
}
]]></mx:Script>
<mx:RemoteObject id="security" destination="securityService">
<mx:method name="getUserDetails" fault="showFault(event)" result="showResult(event)" />
</mx:RemoteObject>
...
</mx:Application>
推荐答案
如果你使用 Spring Blazeds 集成 ,您可以使用 org.springframework.flex.security.AuthenticationResultUtils 实现 getUserDetails 方法.
If you use Spring Blazeds integration , you can implement getUserDetails method using org.springframework.flex.security.AuthenticationResultUtils.
public Map<String, Object> getUserDetails() {
return AuthenticationResultUtils.getAuthenticationResult();
}
这篇关于如何检查 Spring Security 的用户身份验证并从 Flex 获取角色?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
