如何在spring security中更新用户权限后立即启用权限？ [英] How to immediately enable the authority after update user authority in spring security?

问题描述

我正在使用spring-security框架。当我更新权限时，它不会立即生效。我必须退出当前用户（意味着退出），然后重新访问（意味着登录）将更新用户的权限。

I'm using spring-security framework.When I update the permissions,It does not take effect immediately.I have to quit the current user(means logout), and then re-visit(means login) will be to update the user's permission.

在spring security中更新用户权限后，是否可以立即启用权限？

Is a way that immediately enable the authority after update user authority in spring security?

推荐答案

您可以在
中设置alwaysReauthenticate AbstractSecurityInterceptor 就像这样

<bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
        <property name="alwaysReauthenticate" value="true"/>
 ...
</bean>

当然你应该注意，因为99.9％你不需要重新认证。由于身份验证可能使用数据库或其他内容，因此性能可能会降低。但通常你有一个缓存，比如带有休眠的二级缓存，所以每次加载用户详细信息应该是一个只有内存的操作，在所有情况下权限都没有改变。

Of course you should pay attention because 99,9% you don't need reauthentication. As authentication might use a database or something else your performance might degrade. But usually you have a cache, like 2nd Level with hibernate, so loading the userdetails everytime should be an memory only operation in all cases where authorities havn't changed.

这篇关于如何在spring security中更新用户权限后立即启用权限？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！