问题

如何检查Java代码中的用户权限或权限?例如 - 我想根据角色为用户显示或隐藏按钮。有注释,如:

@PreAuthorize("hasRole('ROLE_USER')")

如何在Java代码中创建它?就像是 :

if(somethingHere.hasRole("ROLE_MANAGER")) {
   layout.addComponent(new Button("Edit users"));
}

#1 热门回答(119 赞)

你可以使用HttpServletRequest对象的isUserInRole方法。

就像是:

public String createForm(HttpSession session, HttpServletRequest request,  ModelMap   modelMap) {


    if (request.isUserInRole("ROLE_ADMIN")) {
        // code here
    }
}

#2 热门回答(66 赞)

Spring Security 3.0具有此API

SecurityContextHolderAwareRequestWrapper.isUserInRole(String role)

http://static.springsource.org/spring-security/site/apidocs/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestWrapper.html#isUserInRole(java.lang.String)


#3 热门回答(53 赞)

你可以执行以下操作,而不是使用循环从UserDetails中查找权限:

Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
boolean authorized = authorities.contains(new SimpleGrantedAuthority("ROLE_ADMIN"));

原文链接