Different user restrictions in same session


Problem description

We're developing a website and we've encountered this issue: for this website there are 2 types of users: the customer and an administrator. The administrator can see all products (e.g. including expired products) while the customer can only see a subset.

We're achieving this through user restrictions for the customer group and the administrator group. Products are displayed according to the user logged in. If he belongs to the customer group then a set of restrictions apply, if he belongs to the administrator group another set of restrictions applies.

Now, it can be the case that an administrator wants to see the website from a customer perspective. Since it's impossible to have two users in the same session, currently the administrator is logged out by the system and is logged in as a user in the customer group. This situation however is not ideal.

Has anyone ever encountered this situation before and is there a clean solution somehow? The underlying technology is a custom server based on Tomcat 6.0.29. We're developing using Java.

Thanks :) Krt_Malta

Solution

@Krt_Malta: If you are using Spring Security, then you don't need to have the administrator log out and then log back in as a user. To accomplish that, you will need to configure SwitchUserFilter... it allows the user to switch from one role to another without the need to log out, which is what you want.
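As an added illustration (not code from the question or the answer above), here is one way to wire SwitchUserFilter so that only administrators can start a switch and only a switched session can end it. It assumes Spring Security 6.x Java configuration, an existing UserDetailsService bean, a role named ADMIN, and the hypothetical paths /admin/impersonate and /impersonate/exit.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.intercept.AuthorizationFilter;
import org.springframework.security.web.authentication.switchuser.SwitchUserFilter;

@Configuration
@EnableWebSecurity
public class ImpersonationSecurityConfig {

    // Hypothetical paths chosen for this example; they are not from the page.
    private static final String SWITCH_URL = "/admin/impersonate"; // target user in ?username=
    private static final String EXIT_URL = "/impersonate/exit";

    // Built by hand rather than as a @Bean so a servlet container that
    // auto-registers Filter beans does not also run it outside the security chain.
    private SwitchUserFilter switchUserFilter(UserDetailsService users) throws Exception {
        SwitchUserFilter filter = new SwitchUserFilter();
        filter.setUserDetailsService(users);   // loads the customer account to switch to
        filter.setSwitchUserUrl(SWITCH_URL);
        filter.setExitUserUrl(EXIT_URL);       // restores the original administrator
        filter.setTargetUrl("/");              // landing page after switch or exit
        filter.afterPropertiesSet();           // creates the default success/failure handlers
        return filter;
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http, UserDetailsService users)
            throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // Only an administrator may start a switch.
                .requestMatchers(SWITCH_URL).hasRole("ADMIN")
                // Only a session that is currently switched may exit.
                .requestMatchers(EXIT_URL)
                    .hasAuthority(SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR)
                .requestMatchers("/admin/**").hasRole("ADMIN")
                .anyRequest().authenticated())
            .formLogin(Customizer.withDefaults())
            // Placed after the authorization filter so the rules above are
            // enforced before the switch request is processed.
            .addFilterAfter(switchUserFilter(users), AuthorizationFilter.class);
        return http.build();
    }
}
```

While switched, the session holds the customer's authorities plus ROLE_PREVIOUS_ADMINISTRATOR, so the customer restrictions described in the question apply to the product views, and audit code can detect an impersonated session by checking for that authority.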
