/**
* After returning, grab the user passed as args[0], check if they've been modified and, if they are
* the currently authenticated user, reset the SecurityContext so it holds the updated user.
*
* @param returnValue the user object
* @param method the method that was executed
* @param args the arguments to the method; args[0] is read as the User
* @param target the target object, cast to UserManager
* @throws Throwable thrown when args[0] is null or not a User object
*/
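public void afterReturning(Object returnValue, Method method, Object[] args, Object target)
        throws Throwable {
    // Refreshes the SecurityContext after the advised call when the user passed as args[0] is
    // the caller's own account, so the session carries the updated User object.
    // The cast and the dereference below fail fast if args[0] is null or not a User.
    User user = (User) args[0];

    // A null version means there is nothing to refresh
    // (presumably a user that has not been persisted yet - confirm against User).
    if (user.getVersion() == null) {
        return;
    }

    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
    // allow new users to signup - this is OK b/c Signup doesn't allow setting of roles
    boolean signupUser = resolver.isAnonymous(auth);
    if (auth == null || signupUser) {
        return;
    }

    UserManager userManager = (UserManager) target;
    User currentUser = getCurrentUser(auth, userManager);
    // Only the caller's own session is refreshed; changes to another account leave it untouched.
    if (!currentUser.getId().equals(user.getId())) {
        return;
    }

    // NOTE(review): the principal and authorities of the new token come straight from args[0],
    // so this relies on whatever validation ran before the advised call (not visible here).
    // NOTE(review): whatever token type the session held (for example a remember-me token) is
    // replaced by a UsernamePasswordAuthenticationToken, so later isRememberMe() checks no longer
    // match - confirm nothing gates sensitive changes on that after this point.
    // NOTE(review): user.getPassword() stays in the context as the token's credentials for the
    // rest of the session - confirm it is the stored hash and never a cleartext value.
    UsernamePasswordAuthenticationToken refreshed =
            new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities());
    // Carry the original request details over to the replacement token; the three-argument
    // constructor leaves them null, which would drop them from the session's authentication
    // and from anything that logs or audits it.
    refreshed.setDetails(auth.getDetails());
    SecurityContextHolder.getContext().setAuthentication(refreshed);
}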
UserSecurityAdvice.java 文件源码
项目:ldadmin