Results 1 to 2 of 2

Thread: Finding user role inside a business method

  1. Dec 3rd, 2007, 07:14 AM #1
    jimpo
    jimpo is offline Member
    Join Date
    Aug 2007
    Posts
    57

    Default Finding user role inside a business method

    Let's say I am in a business method SomeRandomService.doOperationXyz(int someparam). The method does not get user's authorization or any security -related data as parameters.

    Can I access current user's roles somehow? Does acegi offer some interface for this purpose? I understand current authorization is bound to ThreadLocal, so this should be possible?

    What I want to achieve is

    Code:
    class SomeRandomService {
  public void doOperationXyz(int someparam) {
    doBasicStuff();
    if (current user has role "ADMIN") {
      doAdminStuff();
    }
    I already posted thread

    http://forum.springframework.org/showthread.php?t=46733

    but I guess my question was too vague or something...
  2. Dec 3rd, 2007, 06:29 PM #2
    igotmilk
    igotmilk is offline Member
    Join Date
    Nov 2005
    Location
    inside milk carton
    Posts
    51

    Default SecurityContextHolder

    You can get a grantedAuthorities set and the loop through the list of granted authorities to match your condition.
    Code:
    GrantedAuthorities[] auths = SecurityContextHolder.getContext().getAuthentication().getAuthorities();
    Alternately, not sure if this will work but you can try casting the Authentication object into a AbstractAdapterAuthenticationToken and then using the isUserInRole method.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules