Java 删除spring安全角色
有没有办法撤销spring安全角色?具体来说,我想从Java 删除spring安全角色,java,generics,spring-mvc,collections,spring-security,Java,Generics,Spring Mvc,Collections,Spring Security,有没有办法撤销spring安全角色?具体来说,我想从UserDetails.getAuthorities()对象中删除元素 Collection<? extends GrantedAuthority> authorities = userDetails.getAuthorities(); authorities.remove(new SimpleGrantedAuthority("ROLE_TO_BE_REMOVED")); Collection我想您需要使用org.springf
UserDetails.getAuthorities()
对象中删除元素
Collection<? extends GrantedAuthority> authorities = userDetails.getAuthorities();
authorities.remove(new SimpleGrantedAuthority("ROLE_TO_BE_REMOVED"));
Collection我想您需要使用org.springframework.security.provisioning.UserDetailsManager.updateUser()
这应该可以做到:
public void removeRole(String role){
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
List<GrantedAuthority> updatedAuthorities =
auth.getAuthorities().stream()
.filter(r -> !role.equals(r.getAuthority()))
.collect(Collectors.toList());
Authentication newAuth = new UsernamePasswordAuthenticationToken(
auth.getPrincipal(), auth.getCredentials(), updatedAuthorities);
SecurityContextHolder.getContext().setAuthentication(newAuth);
}
公共无效删除OLE(字符串角色){
Authentication auth=SecurityContextHolder.getContext().getAuthentication();
列出更新的权限=
auth.getAuthories().stream()
.filter(r->!role.equals(r.getAuthority()))
.collect(Collectors.toList());
Authentication newAuth=新用户名密码AuthenticationToken(
auth.getPrincipal()、auth.getCredentials()、UpdateAuthorities);
SecurityContextHolder.getContext().setAuthentication(newAuth);
}
好吧,我仍然需要在UserDetails对象中设置权限,作为一种绕过不变性的解决方案,您可以将您的权限设置为ArrayList
,以便将它们复制到新集合中,然后删除角色。