Acegi Security: How do I add another GrantedAuthority to Authentication to anonymous user


Question

I give users a special URL with an access key in it. Users accessing the public page via this special URL should be able to see some additional data as compared to a simple anonymous user.

I want to give some additional role to the anonymous user based on parameters provided in the request, so I can do something like this in my template:

<@sec.authorize ifAnyGranted="ROLE_ADMIN, ROLE_USER, ROLE_INVITED_VISITOR">
...some additional stuff for invited user to see
</@sec.authorize>

Currently I'm implementing Spring's OncePerRequestFilter:

protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
    if (null != request.getParameter("accessKey")) {
        if(isValid(request.getParameter("accessKey"))) {
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
            //how do i add additional roles to authenticated (potentially anonymous) user?
        }
    }
    // pass the request on, otherwise the filter blocks every request
    chain.doFilter(request, response);
}

Recommended answer

Why not just create a wrapper class that delegates to the original, but adds on a couple of extra GrantedAuthorities:

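// Acegi Security 1.x package names
import org.acegisecurity.Authentication;
import org.acegisecurity.GrantedAuthority;

public class AuthenticationWrapper implements Authentication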
{
   private Authentication original;
   private GrantedAuthority[] extraRoles;

   public AuthenticationWrapper( Authentication original, GrantedAuthority[] extraRoles )
   {
      this.original = original;
      this.extraRoles = extraRoles;
   }

   public GrantedAuthority[] getAuthorities()
   {
      GrantedAuthority[] originalRoles = original.getAuthorities();
      GrantedAuthority[]  roles = new GrantedAuthority[originalRoles.length + extraRoles.length];
      System.arraycopy( originalRoles, 0, roles, 0, originalRoles.length );
      System.arraycopy( extraRoles, 0, roles, originalRoles.length, extraRoles.length );
      return roles;
   }

   public String getName() { return original.getName(); }
   public Object getCredentials() { return original.getCredentials(); }
   public Object getDetails() { return original.getDetails(); }   
   public Object getPrincipal() { return original.getPrincipal(); }
   public boolean isAuthenticated() { return original.isAuthenticated(); }
   public void setAuthenticated( boolean isAuthenticated ) throws IllegalArgumentException
   {
      original.setAuthenticated( isAuthenticated );
   }  
}

And then do this in your filter:

Authentication auth = SecurityContextHolder.getContext().getAuthentication();
GrantedAuthority[] extraRoles = new GrantedAuthority[2];
extraRoles[0] = new GrantedAuthorityImpl( "Role X" );
extraRoles[1] = new GrantedAuthorityImpl( "Role Y" );
AuthenticationWrapper wrapper = new AuthenticationWrapper( auth, extraRoles );
SecurityContextHolder.getContext().setAuthentication( wrapper );

The Authentication is now replaced by your version with the extra roles. NB: You may have to handle the case where the Authentication has not yet been authenticated and so its getAuthorities() returns null. (The wrapper implementation currently assumes that it will always get a non-null array from its wrapped Authentication.)
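An added example (not part of the original question or answer, and not Acegi's own code) that combines the question's filter with the answer's wrapper: it guards the null cases the answer warns about and restores the original Authentication after the chain, so the extra role covers only the request that carried a valid key. The class name InvitedVisitorFilter and the expectedKey property with its single-shared-key check are assumptions; AuthenticationWrapper is the class from the answer, and the filter is assumed to run after the anonymous-authentication filter.

```java
import java.io.IOException;
import java.security.MessageDigest;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.acegisecurity.Authentication;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical filter name; AuthenticationWrapper is the class from the answer above.
// Assumes the anonymous-authentication filter has already run for this request.
public class InvitedVisitorFilter extends OncePerRequestFilter {
    private byte[] expectedKey; // hypothetical: one shared key injected from configuration

    public void setExpectedKey(String key) throws IOException {
        this.expectedKey = key.getBytes("UTF-8");
    }

    // Fails closed when no key is configured; compares bytes with MessageDigest.isEqual.
    private boolean isValid(String presented) throws IOException {
        return expectedKey != null && MessageDigest.isEqual(expectedKey, presented.getBytes("UTF-8"));
    }

    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain) throws ServletException, IOException {
        Authentication original = SecurityContextHolder.getContext().getAuthentication();
        String accessKey = request.getParameter("accessKey");
        // Wrap only a usable Authentication: the wrapper cannot merge a null authority array.
        Authentication wrapper = null;
        if (accessKey != null && isValid(accessKey)
                && original != null && original.getAuthorities() != null) {
            GrantedAuthority[] extra = { new GrantedAuthorityImpl("ROLE_INVITED_VISITOR") };
            wrapper = new AuthenticationWrapper(original, extra);
            SecurityContextHolder.getContext().setAuthentication(wrapper);
        }
        try {
            chain.doFilter(request, response);
        } finally {
            // Restore only if our wrapper is still in place (e.g. no login happened meanwhile),
            // so the extra role is not carried beyond this request.
            if (wrapper != null && SecurityContextHolder.getContext().getAuthentication() == wrapper) {
                SecurityContextHolder.getContext().setAuthentication(original);
            }
        }
    }
}
```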
