Is there any way to set the List<GrantedAuthority> in the Authentication/UserDetailsImpl object? In my application, I have two layers of security, one for logging in (which uses my custom login authenticator, in the class I set the Authentication object using the UsernamePasswordAuthenticationToken) and one for a "challenge question" where the user is prompted to answer a particular question.

What I want to do is add a GrantedAuthority to the current List<GrantedAuthority>, which was created during the login process, after the user answers the challenge question.

Is this possible?
getAuthorities() method just returns a Collection<GrantedAuthority> object. You can use the appropriate Collection method to add your new authority to that collection. Selah.

@Slavak That would really depend on what implementation you're using for UserDetails.
Represents an authority granted to an Authentication object. A GrantedAuthority must either represent itself as a String or be specifically supported by an AccessDecisionManager.
Interface UserDetails. Provides core user information. Implementations are not used directly by Spring Security for security purposes. They simply store user information which is later encapsulated into Authentication objects.
By default, Spring Security uses a thread-local copy of this class. This means each request in our application has its security context that contains details of the user making the request. To use it, we simply call the static methods in SecurityContextHolder: Authentication auth = SecurityContextHolder.
You can do it with the following code:

```java
import java.util.ArrayList;
import java.util.List;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

// Read the current Authentication once and copy its authorities into a new, mutable list.
Authentication current = SecurityContextHolder.getContext().getAuthentication();
List<GrantedAuthority> updatedAuthorities = new ArrayList<>(current.getAuthorities());
updatedAuthorities.add(new SimpleGrantedAuthority("ROLE_ANOTHER"));

// Replace the Authentication in the security context with one carrying the extra authority.
SecurityContextHolder.getContext().setAuthentication(
        new UsernamePasswordAuthenticationToken(
                current.getPrincipal(),
                current.getCredentials(),
                updatedAuthorities));
```
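A fuller version of the approach in the answer above, as an added example that is not part of the original post: it grants the extra authority only after the challenge answer has been verified, skips the add if the authority is already present, and carries the token's details over. The class name `ChallengeStepUp`, the method names and the authority `ROLE_CHALLENGE_PASSED` are hypothetical, and the sample login state in `main` is constructed; it assumes spring-security-core on the classpath.

```java
import java.util.ArrayList;
import java.util.List;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

public class ChallengeStepUp {
    // Hypothetical authority name meaning "challenge question answered".
    static final String CHALLENGE_AUTHORITY = "ROLE_CHALLENGE_PASSED";

    /** Builds a new token with the extra authority; the input token is left unchanged. */
    static Authentication withAuthority(Authentication current, String authority) {
        List<GrantedAuthority> updated = new ArrayList<>(current.getAuthorities());
        if (updated.stream().noneMatch(a -> authority.equals(a.getAuthority()))) {
            updated.add(new SimpleGrantedAuthority(authority));
        }
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(
                current.getPrincipal(), current.getCredentials(), updated);
        token.setDetails(current.getDetails()); // keep the details set at login
        return token;
    }

    /** Call with the result of the server-side check of the challenge answer. */
    static void onChallengeResult(boolean answerCorrect) {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (!answerCorrect || current == null || !current.isAuthenticated()) {
            return; // no step-up: the context stays as it was after login
        }
        SecurityContextHolder.getContext().setAuthentication(
                withAuthority(current, CHALLENGE_AUTHORITY));
    }

    public static void main(String[] args) {
        // Constructed sample: the state right after a successful login.
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken("alice", "n/a",
                        AuthorityUtils.createAuthorityList("ROLE_USER")));

        onChallengeResult(false); // wrong answer: authorities unchanged
        System.out.println(SecurityContextHolder.getContext().getAuthentication().getAuthorities());
        onChallengeResult(true);  // correct answer: step-up authority added
        System.out.println(SecurityContextHolder.getContext().getAuthentication().getAuthorities());
    }
}
```

In a servlet application the updated context also has to reach the session: Spring Security 5 saves it at the end of the request, while Spring Security 6 by default requires an explicit `SecurityContextRepository.saveContext` call.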