我关注了这篇文章,https://learn.microsoft.com/en-us/azure/developer/java/spring-framework/configure-spring-boot-starter-java-app-with-azure-active-directory并创建了一个应用程序角色
以下端点使用用户角色进行授权
@CrossOrigin(origins = "http://localhost:8080")
@RestController
@RequestMapping("/api")
public class TutorialController {
@Autowired
TutorialRepository tutorialRepository;
@PreAuthorize("hasAnyAuthority('APPROLE_Admin', 'APPROLE_Contributor')")
@GetMapping("/tutorials")
public ResponseEntity<List<Tutorial>> getAllTutorials(@RequestParam(required = false) String title) {
try {
List<Tutorial> tutorials = new ArrayList<Tutorial>();
我想引入一个额外的获取端点来返回用户拥有的角色列表?
更新:2022年5月25日
我添加了一个额外的映射,如下所述
@GetMapping("/roles")
public ResponseEntity<List<GrantedAuthority>> getRoles() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
UserDetails userDetails = (UserDetails) authentication.getPrincipal();
List<GrantedAuthority> authorities = (List<GrantedAuthority>) userDetails.getAuthorities();
return (ResponseEntity<List<GrantedAuthority>>) authorities;
}
收到错误:
java.lang.ClassCastException: class org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser cannot be cast to class org.springframework.security.core.userdetails.UserDetails
最佳答案
如果您已正确设置安全配置,您可以获取当前用户的角色,如下所示。
SecurityContextHolder.getContext().getAuthentication();
UserDetails userDetails = (UserDetails) authentication.getPrincipal();
List<GrantedAuthority> authorities = userDetails.getAuthorities();
关于java - 如何返回用户拥有的角色列表?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/72364748/