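I created an AuthoritiesMapper for DefaultLdapAuthoritiesPopulator. The roles are mapped correctly and work with intercept-url.
If I try to access the roles in a controller using getUserPrincipal(), I still get the LDAP groups.
Looking at the code in the populator, it should work.
Any idea what is wrong or how to fix it? I need to show/hide parts of the view based on role.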
    import java.util.Collection;
    import java.util.HashSet;
    import java.util.Map;
    import java.util.Set;

    // Assumed: Apache Commons Lang, which provides split(String, String) and trimToEmpty(String)
    import org.apache.commons.lang3.StringUtils;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;

    /*************************************************************************************
     * Maps Spring Security GrantedAuthorities
     * e.g. AD groups populated using LdapAuthoritiesPopulator mapped to fixed role names
     * as defined in a Map instance (e.g. populated from a property file)
     *
     * Sample roleMap:
     * Key      Value
     * Group1   ROLE_USER
     * Group2   ROLE_ADMIN
     * Group3   ROLE_ADMIN,ROLE_USER
     *************************************************************************************/
    public class MapBasedGrantedAuthorityMapper implements GrantedAuthoritiesMapper {

        private Map<String,String> roleMap;
        private String stringSeparator = ",";
        private SimpleGrantedAuthority unknownAuthorithy = new SimpleGrantedAuthority("ROLE_UNKNOWN");
        private boolean keepUnknownAuthorities = false;

        public MapBasedGrantedAuthorityMapper(Map<String,String> roleMap) {
            this.roleMap = roleMap;
        }

        public Collection<? extends GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> authorities) {
            String[] mappedValues;
            Set<GrantedAuthority> mapped = new HashSet<GrantedAuthority>(authorities.size());
            for (GrantedAuthority auth : authorities) {
                if (roleMap.containsKey(auth.getAuthority())) {
                    // Known group: one map value may hold several separator-delimited roles
                    mappedValues = StringUtils.split(roleMap.get(auth.getAuthority()), stringSeparator);
                    for (String mappedValue : mappedValues) {
                        mapped.add(new SimpleGrantedAuthority(StringUtils.trimToEmpty(mappedValue)));
                    }
                } else if (keepUnknownAuthorities) {
                    // Unmapped group passed through unchanged (off by default)
                    mapped.add(auth);
                } else if (unknownAuthorithy != null) {
                    // Unmapped group replaced by the fixed fallback authority
                    mapped.add(unknownAuthorithy);
                }
            }
            return mapped;
        }

        // getters and setters
    }
Answer 0 (score: 0)
I found a workaround for this problem..
In the view I can use the Spring Security taglibs
    <sec:authorize access="hasRole('ROLE_ADMIN')">
In the service layer I can use @Secured
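An added example (not part of the original answer) of the service-layer `@Secured` check mentioned above, plus a controller helper that reads role names from the `Authentication` token, the same object `intercept-url` and `sec:authorize` evaluate. `ReportService`, `DashboardController`, the `/dashboard` mapping and the view name are hypothetical; it assumes the mapper's output ends up on the `Authentication` token and that method security is enabled for `@Secured`.

```java
import java.util.Collections;
import java.util.Set;
import java.util.stream.Collectors;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.stereotype.Service;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;

// Hypothetical service. @Secured is only enforced when method security is
// enabled, e.g. <global-method-security secured-annotations="enabled"/>.
@Service
class ReportService {

    @Secured("ROLE_ADMIN")
    public String adminReport() {
        return "admin-only data"; // reached only by callers holding ROLE_ADMIN
    }
}

// Hypothetical controller. It takes authorities from the Authentication token
// in the SecurityContext (assumed to carry the mapped roles) and hands only
// role names to the view, so hiding a section never replaces the server-side check.
@Controller
class DashboardController {

    @RequestMapping("/dashboard")
    public String dashboard(Model model) {
        model.addAttribute("roles", currentRoles());
        return "dashboard"; // hypothetical view name
    }

    static Set<String> currentRoles() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            return Collections.emptySet(); // no authenticated user: expose nothing
        }
        return auth.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .filter(name -> name.startsWith("ROLE_")) // drop anything that is not a role name
                .collect(Collectors.toSet());
    }
}
```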