春季安全:设置GrantedAuthorities [英] Spring Security: Set GrantedAuthorities
问题描述
反正是有设定列表与LT;&GrantedAuthority的GT;
在认证/ UserDetailsImpl反对呢?在我的应用程序,我有两种安全层,一个用于记录(使用<$ C $它使用我的自定义登录身份验证,在我设置了验证
对象的类C> UsernamePasswordAuthenticationToken ),另一个是挑战问题,其中提示用户回答特定问题。
Is there anyway to set the List<GrantedAuthority>
in the Authentication/UserDetailsImpl object? In my application, I have two layers of security, one for logging in (which uses my custom login authenticator, in the class I set the Authentication
object using the UsernamePasswordAuthenticationToken
) and one for a "challenge question" where the user is prompted to answer a particular question.
我想要做的就是添加一个的GrantedAuthority
来的电流列表&LT;的GrantedAuthority&GT;
,这是过程中产生在登录过程中,用户回答提示问题后。
What I want to do is add a GrantedAuthority
to the current List<GrantedAuthority>
, which was created during the login process, after the user answers the challenge question.
这可能吗?
推荐答案
您可以通过以下code做到这一点:
you can do it with following code:
Collection<SimpleGrantedAuthority> oldAuthorities = (Collection<SimpleGrantedAuthority>)SecurityContextHolder.getContext().getAuthentication().getAuthorities();
SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_ANOTHER");
List<SimpleGrantedAuthority> updatedAuthorities = new ArrayList<SimpleGrantedAuthority>();
updatedAuthorities.add(authority);
updatedAuthorities.addAll(oldAuthorities);
SecurityContextHolder.getContext().setAuthentication(
new UsernamePasswordAuthenticationToken(
SecurityContextHolder.getContext().getAuthentication().getPrincipal(),
SecurityContextHolder.getContext().getAuthentication().getCredentials(),
updatedAuthorities)
);
这篇关于春季安全:设置GrantedAuthorities的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!