How to get authentication infomation when using spring security? | ansaurus

tags:

spring-security

views:

25

answers:

1

Q:

How to get authentication infomation when using spring security?

At pages I am using tag: security:authorize ifAnyGranted="ROLE_USER,ROLE_ADMIN" ... It works. But at server side: I use SecurityContextHolder.getContext().getAuthentication().isAuthenticated(),it is always true. When I didn't log in, the system take anonymousUser as the log in user.

Whow can I avoid this?

Thanks

A:

If it is spring security 2.x, there is AuthorityUtils.userHasAuthority(String authority) which you can use to make explicit check for the role.

You could iterate over SecurityContextHolder.getContext().getAuthentication().getAuthorities() and ensure you permit operation only for the roles that you want.

Raghuram 2010-10-04 13:50:39

Thanks, I knew this approach,I throught there was anthoer method.SecurityContextHolder.getContext().getAuthentication().getAuthorities()

Tom 2010-10-05 18:43:22

related questions

Acegi/Spring Security Grails plug-in not seeing changes to a User instance

different DelegatingFilterProxy and FilterToBeanProxy

How to immediately enable the authority after update user authority in spring security?

springdoclet usage?

Grails Security Problem and Search Engine optimization

Spring Security: Advice needed on how to handle GrantedAuthority

Why is my (Spring Security) servlet filter getting called twice?

Grails Acegi Plugin springsecurity.GrailsDaoImpl - User [admin] has no GrantedAuthority

Spring Security: What is the UserDetailsManager interface used for? And more!

Combining namespace based configuration with different authentication methods in spring-security

Spring Security: Custom Authentication Provider for 'one time password' and 'securit questions'

Spring Security: How to get the initial target url

Permissions checking in server-side API

Cannot locate 'org.springframework.security.annotation.Jsr250MethodDefinitionSource'

How to grant access for all authenticated users?

Spring embedded ldap server in unit tests

What are some good sample applications using Spring and Hibernate?

Problem migrating Spring Web App from tomcat 5.5 to tomcat 6.0

How to throw an informative exception from AccessDecisionManager that uses voters

How can I determine what roles are required to access a URL with Spring Security?

Creating a custom authentication with Acegi/Spring Security

Unit testing with Spring Security

Securing Remote Access over JMXMP with Spring Security

When using Spring Security, what is the proper way to obtain current username (i.e. SecurityContext) information in a bean?

Spring security: adding "On unsuccessful login event listener"