Java Spring安全性和Thymeleaf以及更新的身份验证
在一次会话中,我使用以下命令更改用户角色:Java Spring安全性和Thymeleaf以及更新的身份验证,java,spring,spring-security,thymeleaf,Java,Spring,Spring Security,Thymeleaf,在一次会话中,我使用以下命令更改用户角色: Authentication newAuth = new UsernamePasswordAuthenticationToken(newUser.geteMail(), newUser.getPassword(), AuthorityUtils.createAuthorityList(newUser.getUserRole().name())); SecurityContextHolder.getContext().setAuthen
Authentication newAuth = new UsernamePasswordAuthenticationToken(newUser.geteMail(), newUser.getPassword(), AuthorityUtils.createAuthorityList(newUser.getUserRole().name()));
SecurityContextHolder.getContext().setAuthentication(newAuth);
RequestContextHolder.currentRequestAttributes().setAttribute("SPRING_SECURITY_CONTEXT", newAuth, RequestAttributes.SCOPE_SESSION);
它会在java代码中改变。
我试图使用
接收html中的用户角色,但在上面的代码之后出现以下错误:
org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.thymeleaf.exceptions.TemplateProcessingException: Error retrieving value for property "principal.authorities" of authentication object of class org.springframework.security.authentication.UsernamePasswordAuthenticationToken (index:115)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014)
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126)
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
我使用SpringMVC5和thymeleaf-extras-springsecurity4。在临时工作的会话期间不改变角色。如何在html中更新身份验证
编辑
我尝试使用thymeleaf-extras-springsecurity5,在身份验证更新后重新加载页面时,收到一个带有“错误凭据”的警报。在跟踪中,现在没有错误,但它显示了以前的角色。还更新了我的代码,如下所示:
UsernamePasswordAuthenticationToken newAuth = new UsernamePasswordAuthenticationToken(newUser.geteMail(), newUser.getPassword(), AuthorityUtils.createAuthorityList(newUser.getUserRole().name()));
Authentication auth = authenticationManager.authenticate(newAuth);
SecurityContext sc = SecurityContextHolder.getContext();
sc.setAuthentication(auth);
HttpSession session = req.getSession(true);
session.setAttribute(SPRING_SECURITY_CONTEXT_KEY, sc);
这就是全部痕迹吗?另外,为什么不使用
thymeleaf-extras-springsecurity5
?@vphilipnyc不,没有完整的跟踪,我已经用版本5更新了这个问题