用户角色从 Spring Security Web 层传播到 EJB 层
我有一个问题。我不太明白,用户的角色列表是如何使用 Spring Security 从 Web 层传播到 EJB 的。这是我的研究。
我在 Spring 应用程序上下文中写下了这一点:
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="jimi" password="test" authorities="ROLE_USER, ROLE_ADMIN" />
<security:user name="bob" password="test" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
登录后,我打开页面,其中对用户角色进行了两次测试。一个位于 Web 层
<p>User is in role <code>ROLE_ADMIN</code>: <code>#{request.isUserInRole('ROLE_ADMIN')}</code></p>
,第二个位于 EJB 层:
@Resource
SessionContext ctx;
@Override
public String getString() {
return "Authorized user: " + ctx.getCallerPrincipal() + ", admin=" + ctx.isCallerInRole("ROLE_ADMIN");
}
但结果不一致:
Authorized user: jimi, admin=false
User is in role ROLE_ADMIN: true
我认为我需要将用户jimi 添加到其中一个领域。但现在,当我在文件领域中创建具有角色 ROLE_ADIM 的用户 jimi 时,我得到了相同的结果。用户名会传播,但角色列表不会传播。我正在阅读手册,但现在不知道我正在寻找什么。
感谢您的任何提示。
I have a question. I don't exactly understand, how is the list of roles of an user propageated from web tier using Spring Security to EJB. Here is my research.
I have written down this in Spring application context:
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="jimi" password="test" authorities="ROLE_USER, ROLE_ADMIN" />
<security:user name="bob" password="test" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
After login I open the page, where I have two tests of user's role. One is situated in web tier
<p>User is in role <code>ROLE_ADMIN</code>: <code>#{request.isUserInRole('ROLE_ADMIN')}</code></p>
and the second in the EJB tier:
@Resource
SessionContext ctx;
@Override
public String getString() {
return "Authorized user: " + ctx.getCallerPrincipal() + ", admin=" + ctx.isCallerInRole("ROLE_ADMIN");
}
But result is inconsistent:
Authorized user: jimi, admin=false
User is in role ROLE_ADMIN: true
I tought I needed to add the user jimi into one of realms. But now, when I have created the user jimi with role ROLE_ADIM in file realm, I get the same result. The user name is propagated, but role list isn't. I'm reading manuals, but I don't now, what I'm exactly looking for.
Thanks for any hint.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论