Spring 如何在模拟其他用户后获取原始用户?
我使用spring提供的Switch用户过滤器来模拟用户 如何获取在SwitchUserFilter中模拟的原始用户 我正在采取的步骤: 前 现在我需要的是在swtichback时在过滤器中获取原始用户(User1) 有可能吗 请建议。 让我知道任何人需要更多的信息。请评论Spring 如何在模拟其他用户后获取原始用户?,spring,spring-security,Spring,Spring Security,我使用spring提供的Switch用户过滤器来模拟用户 如何获取在SwitchUserFilter中模拟的原始用户 我正在采取的步骤: 前 现在我需要的是在swtichback时在过滤器中获取原始用户(User1) 有可能吗 请建议。 让我知道任何人需要更多的信息。请评论 提前感谢。这是您访问原始用户的方式: Collection<? extends GrantedAuthority> authorities = SecurityContextHolder.getContext()
提前感谢。这是您访问原始用户的方式:
Collection<? extends GrantedAuthority> authorities = SecurityContextHolder.getContext().getAuthentication().getAuthorities();
for (GrantedAuthority grantedAuthority : authorities) {
if (SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR.equals(grantedAuthority.getAuthority())) {
System.out.println(((SwitchUserGrantedAuthority) grantedAuthority).getSource().getPrincipal());
}
}
Collection在jhipster生成的应用程序中的UserJwTController中添加此自定义方法
@PostMapping("/authenticate-externalnodes")
public ResponseEntity<JWTToken> authenticateExternalnodes(@Valid @RequestBody LoginVM loginVM) {
// Get Roles for user via username
Set<Authority> authorities = userService.getUserWithAuthoritiesByLogin(loginVM.getUsername()).get()
.getAuthorities();
// Create Granted Authority Rules
Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
for (Authority authority : authorities) {
grantedAuthorities.add(new SimpleGrantedAuthority(authority.getName()));
}
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
loginVM.getUsername(), "", grantedAuthorities);
Authentication authentication = authenticationToken;
SecurityContextHolder.getContext().setAuthentication(authentication);
boolean rememberMe = (loginVM.isRememberMe() == null) ? false : loginVM.isRememberMe();
String jwt = tokenProvider.createToken(authentication, rememberMe);
HttpHeaders httpHeaders = new HttpHeaders();
httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer " + jwt);
return new ResponseEntity<>(new JWTToken(jwt), httpHeaders, HttpStatus.OK);
}
@PostMapping(/authenticate externalnodes)
公共响应身份验证外部节点(@Valid@RequestBody LoginVM LoginVM){
//通过用户名获取用户的角色
Set authorities=userService.getUserWithAuthoritiesByLogin(loginVM.getUsername()).get()
.getAuthorities();
//创建授权规则
Set grantedAuthories=new HashSet();
适用于(权限:权限){
grantedAuthories.add(新的SimpleGrantedAuthority(authority.getName());
}
UsernamePasswordAuthenticationToken authenticationToken=新UsernamePasswordAuthenticationToken(
loginVM.getUsername(),“”,授权机构);
身份验证=authenticationToken;
SecurityContextHolder.getContext().setAuthentication(身份验证);
布尔rememberMe=(loginVM.isRememberMe()==null)?false:loginVM.isRememberMe();
字符串jwt=tokenProvider.createToken(身份验证,rememberMe);
HttpHeaders HttpHeaders=新的HttpHeaders();
httpHeaders.add(JWTFilter.AUTHORIZATION_头,“承载者”+jwt);
返回新的ResponseEntity(新JWTToken(jwt)、httpHeaders、HttpStatus.OK);
}
您能否分享一些示例代码,说明如何在步骤3中提到的过滤器中获取user2?当我从filter.setTargetUrl()中设置的targetUrl中检查主体时,仍然得到user1。
@PostMapping("/authenticate-externalnodes")
public ResponseEntity<JWTToken> authenticateExternalnodes(@Valid @RequestBody LoginVM loginVM) {
// Get Roles for user via username
Set<Authority> authorities = userService.getUserWithAuthoritiesByLogin(loginVM.getUsername()).get()
.getAuthorities();
// Create Granted Authority Rules
Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
for (Authority authority : authorities) {
grantedAuthorities.add(new SimpleGrantedAuthority(authority.getName()));
}
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
loginVM.getUsername(), "", grantedAuthorities);
Authentication authentication = authenticationToken;
SecurityContextHolder.getContext().setAuthentication(authentication);
boolean rememberMe = (loginVM.isRememberMe() == null) ? false : loginVM.isRememberMe();
String jwt = tokenProvider.createToken(authentication, rememberMe);
HttpHeaders httpHeaders = new HttpHeaders();
httpHeaders.add(JWTFilter.AUTHORIZATION_HEADER, "Bearer " + jwt);
return new ResponseEntity<>(new JWTToken(jwt), httpHeaders, HttpStatus.OK);
}