Authentication auth = SecurityContextHolder.getContext().getAuthentication();
Collection<? extends GrantedAuthority> roles = auth.getAuthorities();
如何检查roles是否包含"ROLE_ADMIN"等特定权限?
答案 0 :(得分:4)
GrantedAuthority的实现,罗伯特的回答是正确的,如下所示:
auth.getAuthorities().stream().anyMatch(ga -> ga.getAuthority().equals("ROLE_ADMIN"))
但是,如果您知道他们都是SimpleGrantedAuthority,那么您可以这样做:
auth.getAuthorities().contains(new SimpleGrantedAuthority("ROLE_ADMIN"))
答案 1 :(得分:2)
我不知道任何内置函数,但这是一个可以使用的实用方法。
if (userHasAuthority("ROLE_ADMIN")) { ... }
public static boolean userHasAuthority(String authority)
{
List<GrantedAuthority> authorities = getUserAuthorities();
for (GrantedAuthority grantedAuthority : authorities) {
if (authority.equals(grantedAuthority.getAuthority())) {
return true;
}
}
return false;
}