如何检查Spring Security进行用户身份验证和Flex的角色获得？ [英] How can I check Spring Security for user authentication and get roles from Flex?

问题描述

我使用的弹簧，弹簧安全，BlazeDS的，Flex和弹簧弹性。

我知道我可以打电话给 channelSet.login（）和 channelSet.logout（）挂钩到春天安全性进行验证。 channelSet.authenticated 显然只知道在当前的Flex会议，因为它总是开始了作为的假的，直到你调用 channelSet都的.login（）。

我想要做的：

  
1. 从Flex的检查以了解如果用户已经在一个会话。

  
2. 如果是这样，我想他们的用户名和角色。

更新结果
我只是想我要补充，我从 brd6644 的回答以下使用的解决方案的细节，所以这可能是更容易别人谁看起来这件事。我用<一个href=\"http://stackoverflow.com/questions/248562/when-using-spring-security-what-is-the-proper-way-to-obtain-current-username-i\">this StackOverflow的答案让 SecurityContext的注射。我不会改写在这一个答案code，所以去看看它的 SecurityContextFacade 。

的 securityServiceImpl.java 的

 公共类SecurityServiceImpl实现SecurityService {
    私人SecurityContextFacade securityContextFacade;    @Secured（{ROLE_PEON}）
    公共地图＆LT;弦乐，对象＆gt; getUserDetails（）{
        地图＆LT;弦乐，对象＆gt; userSessionDetails =新的HashMap＆LT;弦乐，对象＆gt;（）;        SecurityContext的背景= securityContextFacade.getContext（）;
        验证AUTH = context.getAuthentication（）;
        的UserDetails为userDetails =（的UserDetails）auth.getPrincipal（）;        ArrayList的角色=新的ArrayList（）;
        的GrantedAuthority [] = grantedRoles userDetails.getAuthorities（）;
        的for（int i = 0; I＆LT; grantedRoles.length;我++）{
            roles.add（grantedRoles [I] .getAuthority（））;
        }        userSessionDetails.put（用户名，userDetails.getUsername（））;
        userSessionDetails.put（角色角色）;
        返回userSessionDetails;
    }
}
 

的 securityContext.xml 的

 ＆LT;安全性：HTTP自动配置=真正的＆GT;
    ＆LT;！ - 不验证Flex应用程序 - ＆GT;
    ＆LT;安全：拦截-URL模式=/ flexAppDir / **访问=IS_AUTHENTICATED_ANONYMOUSLY/＆GT;
    ＆LT;！ - 不验证远程调用 - ＆GT;
    ＆LT;安全：拦截-URL模式=/ messagebroker / amfsecure访问=IS_AUTHENTICATED_ANONYMOUSLY/＆GT;
＆LT; /安全：HTTP＆GT;＆LT;安全：全球方法的安全性保护的注解=已启用/＆GT;＆LT;豆的id =securityService级=ext.domain.project.service.SecurityServiceImpl＆GT;
    ＆LT;属性名=securityContextFacadeREF =securityContextFacade/＆GT;
＆LT; /豆＆GT;
＆LT;豆的id =securityContextFacade级=ext.domain.spring.security.SecurityContextHolderFacade/＆GT;
 

的 flexContext.xml 的

 ＆LT;软硬度：消息中介＆GT;
    ＆LT;软硬度：固定/＆GT;
＆LT; /柔性：消息中介＆GT;＆LT;软硬度：远程目的地REF =securityService/＆GT;
＆LT;安全：HTTP自动配置=真正的会话固定保护=无/＆GT;
 

的 FlexSecurityTest.mxml 的

 ＆LT; MX：应用程序... creationComplete =的init（）＆GT;    ＆LT; MX：脚本＆GT;＆LT; [CDATA [！
        [绑定]
        私人VAR为userDetails：是UserDetails; //定制VO保存用户信息        私有函数的init（）{无效
            security.getUserDetails（）;
        }        私有函数showfault的（E：的FaultEvent）：无效{
            如果（e.fault.fault code ==Client.Authorization）{
                Alert.show（您需要登录）;
                //显示登录表单
            }其他{
                //提交一票
            }
        }
        私有函数showResult（E：的ResultEvent）：无效{
            为userDetails =新的UserDetails（）;
            userDetails.username = e.result.username;
            userDetails.roles = e.result.roles;
            //显示用户应用
        }
    ]]＆GT;＆LT; / MX：脚本＆GT;    ＆LT; MX：RemoteObject的ID =安全的目标=securityService＆GT;
        ＆LT; MX：方法名=getUserDetails故障=showfault的（事件）的结果=showResult（事件）/＆GT;
    ＆LT; / MX：RemoteObject的＆GT;    ...
＆LT; / MX：用途＆gt;
 

解决方案

如果您使用春天BlazeDS集成，您可以使用org.springframework.flex.security.AuthenticationResultUtils实现getUserDetails方法。

 公开地图＆LT;弦乐，对象＆gt; getUserDetails（）{
 返回AuthenticationResultUtils.getAuthenticationResult（）;
}
 

I'm using Spring, Spring Security, BlazeDS, Flex and spring-flex.

I know that I can call channelSet.login() and channelSet.logout() to hook into Spring Security for authentication. channelSet.authenticated apparently only knows about the current Flex session, as it always starts off as false, until you call channelSet.login().

What I want to do:

1. Check from Flex to know if a user is already in a session.
2. If so, I want their username and roles.

UPDATE
I just thought I'd add details of the solution I used from brd6644's answer below, so that this might be easier for someone else who looks this up. I used this StackOverflow answer to make the SecurityContext injectable. I won't be rewriting the code from that answer in this one, so go look at it for the SecurityContextFacade.

securityServiceImpl.java

public class SecurityServiceImpl implements SecurityService {
    private SecurityContextFacade securityContextFacade;

    @Secured({"ROLE_PEON"})
    public Map<String, Object> getUserDetails() {
        Map<String,Object> userSessionDetails = new HashMap<String, Object>();

        SecurityContext context = securityContextFacade.getContext();
        Authentication auth = context.getAuthentication();
        UserDetails userDetails = (UserDetails) auth.getPrincipal();

        ArrayList roles = new ArrayList();
        GrantedAuthority[] grantedRoles = userDetails.getAuthorities();
        for (int i = 0; i < grantedRoles.length; i++) {
            roles.add(grantedRoles[i].getAuthority());
        }

        userSessionDetails.put("username", userDetails.getUsername());
        userSessionDetails.put("roles", roles);
        return userSessionDetails;
    }
}

securityContext.xml

<security:http auto-config="true">
    <!-- Don't authenticate Flex app -->
    <security:intercept-url pattern="/flexAppDir/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <!-- Don't authenticate remote calls -->
    <security:intercept-url pattern="/messagebroker/amfsecure" access="IS_AUTHENTICATED_ANONYMOUSLY" />
</security:http>

<security:global-method-security secured-annotations="enabled" />

<bean id="securityService" class="ext.domain.project.service.SecurityServiceImpl">
    <property name="securityContextFacade" ref="securityContextFacade" />
</bean>
<bean id="securityContextFacade" class="ext.domain.spring.security.SecurityContextHolderFacade" />

flexContext.xml

<flex:message-broker>
    <flex:secured />
</flex:message-broker>

<flex:remoting-destination ref="securityService" />
<security:http auto-config="true" session-fixation-protection="none"/>

FlexSecurityTest.mxml

<mx:Application ... creationComplete="init()">

    <mx:Script><![CDATA[
        [Bindable]
        private var userDetails:UserDetails; // custom VO to hold user details

        private function init():void {
            security.getUserDetails();
        }

        private function showFault(e:FaultEvent):void {
            if (e.fault.faultCode == "Client.Authorization") {
                Alert.show("You need to log in.");
                // show the login form
            } else {
                // submit a ticket
            }
        }
        private function showResult(e:ResultEvent):void {
            userDetails = new UserDetails();
            userDetails.username = e.result.username;
            userDetails.roles = e.result.roles;
            // show user the application
        }
    ]]></mx:Script>

    <mx:RemoteObject id="security" destination="securityService">
        <mx:method name="getUserDetails" fault="showFault(event)" result="showResult(event)" />
    </mx:RemoteObject>

    ...
</mx:Application>

解决方案

If you use Spring Blazeds integration , you can implement getUserDetails method using org.springframework.flex.security.AuthenticationResultUtils.

public Map<String, Object> getUserDetails() {  
 return AuthenticationResultUtils.getAuthenticationResult();
}

这篇关于如何检查Spring Security进行用户身份验证和Flex的角色获得？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！