Jan 6th, 2010, 02:57 AM
#1
Switching the user's "current" authority, in a multiple role per person scenario.
Hello,
Application Details
Icefaces 1.8
Spring security
Hibernate
* Note: Spring is not used elsewhere in the application.
Context of the problem :
In my application, every user has multiple roles. At login, only one role is selected and added to the grantedAuthorities[]. To switch between his roles, a jsf method exists to modify the granted-authority, and store it in SecurityContextHolder via setAuthentication.
The problem
Icefaces tags have a property called "renderedOnUserRole". After much digging, I found that it calls: request.getUserPrincipal().
I found that setting the authentication object in SecurityContextHolder does not affect the request.getUserPrincipal().
Hence, the data on the page is still unaffected, as the old principal still exists in the HttpServletRequest.
The code to switch roles
LoginBean.changeRole():
    Manager currentUser = getUserFromSecurityContext();
    boolean hasRole = UserManager.hasRole(currentUser, role);
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    UserDetailsServiceImpl provider = new UserDetailsServiceImpl();
    if (hasRole)
    {
        HttpServletRequest request = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
        ProviderManager pm = (ProviderManager) WebApplicationContextUtils.getWebApplicationContext(request.getSession().getServletContext()).getBean("authenticationManager");
        UserDetails userDetails = provider.loadUserByUsername(currentUser.getEmailAddress());
        GrantedAuthority newRole = new GrantedAuthorityImpl(role.name());
        GrantedAuthority[] roles = new GrantedAuthority[1];
        roles[0] = newRole;
        PrincipalSpringSecurityUserToken token = new PrincipalSpringSecurityUserToken(currentUser.getEmailAddress(), currentUser.getEmailAddress(), currentUser.getPassword(), roles, userDetails);
        token.setDetails(new WebAuthenticationDetails(request));
        authentication = pm.authenticate(token);
        SecurityContextHolder.getContext().setAuthentication(authentication);
    }
    else
    {
        FacesUtils.showMessage("Sorry, but you do not have the permission to switch to this role");
        return;
    }
How do I do this?
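The stale-principal behaviour described in the post, reduced to a plain-JDK model (an added example, not code from the original post, ICEfaces or Spring Security). All types are hypothetical stand-ins: `HOLDER` plays the role of SecurityContextHolder, `SnapshotRequest` a request object that captured its principal once, and `LiveRequest` one that resolves it on every call; user and role names are constructed.

```java
import java.util.Map;
import java.util.Set;

public class RoleSwitchDemo {
    /** Stand-in for the Authentication object: a user with exactly one active role. */
    record Auth(String user, String activeRole) {}

    /** Stand-in for SecurityContextHolder (per-thread security context). */
    static final ThreadLocal<Auth> HOLDER = new ThreadLocal<>();

    /** Request-like view that copies the principal when it is constructed. */
    static final class SnapshotRequest {
        private final Auth principal = HOLDER.get();
        boolean isUserInRole(String role) {
            return principal != null && principal.activeRole().equals(role);
        }
    }

    /** Request-like view that looks the principal up at call time. */
    static final class LiveRequest {
        boolean isUserInRole(String role) {
            Auth current = HOLDER.get();
            return current != null && current.activeRole().equals(role);
        }
    }

    /** Switch the active role only if it is one of the user's assigned roles. */
    static boolean changeRole(Map<String, Set<String>> assigned, String requested) {
        Auth current = HOLDER.get();
        if (current == null) return false;                       // nobody logged in
        Set<String> roles = assigned.getOrDefault(current.user(), Set.of());
        if (!roles.contains(requested)) return false;            // fail closed
        HOLDER.set(new Auth(current.user(), requested));         // replace, never append
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample data.
        Map<String, Set<String>> assigned =
            Map.of("alice@example.test", Set.of("ROLE_MANAGER", "ROLE_AUDITOR"));
        HOLDER.set(new Auth("alice@example.test", "ROLE_MANAGER"));
        SnapshotRequest cached = new SnapshotRequest(); // created before the switch
        LiveRequest live = new LiveRequest();

        System.out.println("switch to unassigned role: " + changeRole(assigned, "ROLE_ADMIN"));
        System.out.println("switch to assigned role:   " + changeRole(assigned, "ROLE_AUDITOR"));
        System.out.println("snapshot sees new role:    " + cached.isUserInRole("ROLE_AUDITOR"));
        System.out.println("snapshot sees old role:    " + cached.isUserInRole("ROLE_MANAGER"));
        System.out.println("live view sees new role:   " + live.isUserInRole("ROLE_AUDITOR"));
    }
}
```

Any component that decides what to render from a captured principal keeps applying the previous role until it is handed a fresh request, so role-gated output should be checked against the live security context after a switch.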