如何在spring security中更新用户权限后立即启用权限? [英] How to immediately enable the authority after update user authority in spring security?
问题描述
我正在使用spring-security框架。当我更新权限时,它不会立即生效。我必须退出当前用户(意味着退出),然后重新访问(意味着登录)将更新用户的权限。
I'm using spring-security framework.When I update the permissions,It does not take effect immediately.I have to quit the current user(means logout), and then re-visit(means login) will be to update the user's permission.
在spring security中更新用户权限后,是否可以立即启用权限?
Is a way that immediately enable the authority after update user authority in spring security?
推荐答案
您可以在
中设置alwaysReauthenticate AbstractSecurityInterceptor 就像这样
<bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<property name="alwaysReauthenticate" value="true"/>
...
</bean>
当然你应该注意,因为99.9%你不需要重新认证。由于身份验证可能使用数据库或其他内容,因此性能可能会降低。但通常你有一个缓存,比如带有休眠的二级缓存,所以每次加载用户详细信息应该是一个只有内存的操作,在所有情况下权限都没有改变。
Of course you should pay attention because 99,9% you don't need reauthentication. As authentication might use a database or something else your performance might degrade. But usually you have a cache, like 2nd Level with hibernate, so loading the userdetails everytime should be an memory only operation in all cases where authorities havn't changed.
这篇关于如何在spring security中更新用户权限后立即启用权限?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!