以编程方式访问/检查 Spring Security 分层角色
在我的 Grails 项目中,我定义了多个 使用 Spring Security 插件的分层角色,例如 ROLE_USER > SOME_OTHER_ROLE。当使用 @Secured 注释保护控制器方法时,它工作得很好。但是,我还想在我的代码中以编程方式检查一个用例的角色。使用以下方法,即使用户通过分层角色定义继承角色,我总是得到 false:
request.isUserInRole('SOME_OTHER_ROLE')
此外,以下调用永远不会直接返回继承的角色:
SecurityContextHolder.context?.authentication?.authorities
springSecurityService.getPrincipal().getAuthorities()
是否有一种方法来检查用户是否也有继承的角色?
In my Grails project I defined multiple hierarchical roles using the Spring Security plugin e.g. ROLE_USER > SOME_OTHER_ROLE. When securing controller methods using the @Secured annotation it works just fine. However, I also would like to check the role programmatically in my code for one use case. Using the following approach I always get a false even though the user inherits the role through hierarchical role definition:
request.isUserInRole('SOME_OTHER_ROLE')
Also the following calls never directly return the inherited roles:
SecurityContextHolder.context?.authentication?.authorities
springSecurityService.getPrincipal().getAuthorities()
Is there a way of checking if the user also has the inherited role?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
这似乎是
SecurityContextHolderAwareRequestWrapper中的一个错误(或者至少是一个遗漏),它添加了一个请求包装器来实现isUserInRole方法。您可以使用
roleVoterbean 的extractAuthorities方法。为其添加依赖注入 (def roleVoter),然后调用This seems like a bug (or at least an omission) in
SecurityContextHolderAwareRequestWrapperwhich adds a request wrapper to implement theisUserInRolemethod.You can use the
roleVoterbean'sextractAuthoritiesmethod. Add a dependency injection for it (def roleVoter) and then call