如何从Java中获取UserPrincipal的角色?

时间:2014-05-28 11:58:45

标签: java servlets servlet-filters userprincipal

我创建了一个类(命名为 CustomRequestWrapper ),它正在实现 HttpServletRequestWrapper 。在 CustomRequestWrapper 类我正在设置用户principal.Now in my代码我想从用户principal获取角色列表。我尝试使用 tomcat-catalina jar中的GenericPrincipal类但是我得到了转换异常 CustomRequestWrapper 无法转换为的GenericPrincipal 即可。任何人都可以知道如何从用户主体获取角色吗?

注意:我正在使用Apache Tomcat Server

这是我的代码:

public class CustomRequestWrapper extends javax.servlet.http.HttpServletRequestWrapper {

public CustomRequestWrapper(String User,List<String> roles,HttpServletRequest request) {
    super(request);
    this.user=User;
    this.roles=roles;
    this.realRequest=request;
    headerMap = new HashMap();
}
String user;  
List<String> roles = null; 
HttpServletRequest realRequest;  
private Map headerMap;

public void addHeader(String name, String value) {
    headerMap.put(name, new String(value));
}

public Enumeration getHeaderNames() {
    HttpServletRequest request = (HttpServletRequest) getRequest();
    List list = new ArrayList();
    for (Enumeration e = request.getHeaderNames(); e.hasMoreElements();) {
        list.add(e.nextElement().toString());
    }

    for (Iterator i = headerMap.keySet().iterator(); i.hasNext();) {
        list.add(i.next());
    }
    return Collections.enumeration(list);
}

public String getHeader(String name) {
    Object value;
    if ((value = headerMap.get("" + name)) != null)
        return value.toString();
    else
        return ((HttpServletRequest) getRequest()).getHeader(name);
}
     @override
public boolean isUserInRole(String role) {  
    if (roles == null) {  
        return this.realRequest.isUserInRole(role);  
    }  
    return roles.contains(role);  
}  

@override
public Principal getUserPrincipal() {  
    if (this.user == null) {  
        return realRequest.getUserPrincipal();  
    }  

    // make an anonymous implementation to just return our user  
    return new Principal() {  

        public String getName() {       
            return user;  
        }  
    };  
}

}

2 个答案:

答案 0 :(得分:2)

您提到的例外可能是解决问题的关键

CustomRequestWrapper cannot be cast to GenericPrincipal

您必须投射Principal对象,而不是CustomRequestWrapper。下面是一个示例方法,您可以在CustomRequestWrapper类下添加该方法,该方法应返回Tomcat AS下的用户角色列表。 (我认为这是一个混乱的方法):

private String[] getRolePrincipal() {
  final GenericPrincipal genericPrincipal = (GenericPrincipal) getUserPrincipal();
  return genericPrincipal.getRoles();
}

所以最后的CustomRequestWrapper将如下:

public class CustomRequestWrapper extends javax.servlet.http.HttpServletRequestWrapper
{

  public CustomRequestWrapper(String User, List<String> roles, HttpServletRequest request)
  {
    super(request);
    this.user = User;
    this.roles = roles;
    this.realRequest = request;
    headerMap = new HashMap();
  }

  String user;
  List<String> roles = null;
  HttpServletRequest realRequest;
  private Map headerMap;

  public void addHeader(String name, String value)
  {
    headerMap.put(name, new String(value));
  }

  public Enumeration getHeaderNames()
  {
    HttpServletRequest request = (HttpServletRequest) getRequest();
    List list = new ArrayList();
    for (Enumeration e = request.getHeaderNames(); e.hasMoreElements(); )
    {
      list.add(e.nextElement().toString());
    }

    for (Iterator i = headerMap.keySet().iterator(); i.hasNext(); )
    {
      list.add(i.next());
    }
    return Collections.enumeration(list);
  }

  public String getHeader(String name)
  {
    Object value;
    if ((value = headerMap.get("" + name)) != null)
      return value.toString();
    else
      return ((HttpServletRequest) getRequest()).getHeader(name);
  }

  @Override
  public boolean isUserInRole(String role)
  {
    if (roles == null)
    {
      return this.realRequest.isUserInRole(role);
    }
    return roles.contains(role);
  }

  @Override
  public Principal getUserPrincipal()
  {
    if (this.user == null)
    {
      return realRequest.getUserPrincipal();
    }

    // make an anonymous implementation to just return our user
    return new Principal()
    {

      public String getName()
      {
        return user;
      }
    };
  }

  public String[] getRolePrincipal() {
    final GenericPrincipal genericPrincipal = (GenericPrincipal) getUserPrincipal();
    return genericPrincipal.getRoles();
  }
}

答案 1 :(得分:2)

从代码中,将用户名和角色注入构造函数中的CustomRequestWrapper。正如您在getUserPrincipal中覆盖CustomRequestWrapper一样,它不再返回tomcat GenericPrincipal,而是只知道返回您提供的用户名的匿名类,通过getName() 。您应该尝试通过

返回tomcat GenericPrincipal 
  @Override
  public Principal getUserPrincipal()
  {
    if (this.user == null)
    {
      return realRequest.getUserPrincipal();
    }

    // return a forged GenericPrincipal
    return new GenericPrincipal(user, "", roles);
  }

或者,您可以创建一个了解角色的Principal自定义实现。

只有在CustomRequestWrapper构建时成功注入用户及其角色时才会有效。

相关问题
最新问题