Java Spring安全性和Thymeleaf以及更新的身份验证_Java_Spring_Spring Security_Thymeleaf

Java Spring安全性和Thymeleaf以及更新的身份验证

java spring spring-security

Java Spring安全性和Thymeleaf以及更新的身份验证,java,spring,spring-security,thymeleaf,Java,Spring,Spring Security,Thymeleaf,在一次会话中，我使用以下命令更改用户角色： Authentication newAuth = new UsernamePasswordAuthenticationToken(newUser.geteMail(), newUser.getPassword(), AuthorityUtils.createAuthorityList(newUser.getUserRole().name())); SecurityContextHolder.getContext().setAuthen

在一次会话中，我使用以下命令更改用户角色：

Authentication newAuth = new  UsernamePasswordAuthenticationToken(newUser.geteMail(), newUser.getPassword(), AuthorityUtils.createAuthorityList(newUser.getUserRole().name()));
        SecurityContextHolder.getContext().setAuthentication(newAuth);
        RequestContextHolder.currentRequestAttributes().setAttribute("SPRING_SECURITY_CONTEXT", newAuth, RequestAttributes.SCOPE_SESSION);

它会在java代码中改变。我试图使用

接收html中的用户角色，但在上面的代码之后出现以下错误：

org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.thymeleaf.exceptions.TemplateProcessingException: Error retrieving value for property "principal.authorities" of authentication object of class org.springframework.security.authentication.UsernamePasswordAuthenticationToken (index:115)
    org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1014)
    org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
    org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
    org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126)
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)

我使用SpringMVC5和thymeleaf-extras-springsecurity4。在临时工作的会话期间不改变角色。如何在html中更新身份验证

编辑我尝试使用thymeleaf-extras-springsecurity5，在身份验证更新后重新加载页面时，收到一个带有“错误凭据”的警报。在跟踪中，现在没有错误，但它显示了以前的角色。还更新了我的代码，如下所示：

UsernamePasswordAuthenticationToken newAuth = new  UsernamePasswordAuthenticationToken(newUser.geteMail(), newUser.getPassword(), AuthorityUtils.createAuthorityList(newUser.getUserRole().name()));
Authentication auth = authenticationManager.authenticate(newAuth);

SecurityContext sc = SecurityContextHolder.getContext();
sc.setAuthentication(auth);
HttpSession session = req.getSession(true);
session.setAttribute(SPRING_SECURITY_CONTEXT_KEY, sc);

这就是全部痕迹吗？另外，为什么不使用

thymeleaf-extras-springsecurity5

？@vphilipnyc不，没有完整的跟踪，我已经用版本5更新了这个问题