Reputation: 168
Retrieve Authentication Object using session id in spring security
Using SessionRegistry object, I have retrieved SessionInformation for all the active sessions of a user.
Now, I want now to check authorities of these sessions. To do that I need Authentication Object.
Is there way to this in spring securtity
My Code:
List<SessionInformation> sessionInformationList = sessionRegistry.getAllSessions( user, false);
SessionInformation sessionInformation = sessionRegistry.getSessionInformation(lastSessionId);
//Now I need Authentication Object, any idea
I am doing this so as to retrieve user roles for different session ids
Upvotes: 3
Views: 3809
Answers (1)
Reputation: 1162
In our Stormpath Spring Security integration we coded what you need during the authentication workflow. Once the user has been properly authenticated, the Granted Authorites are generated and applied to the Authentication object being retrieved.
We encapsulate that information in an object called StormpathUserDetails. You can take a look at this piece of code.
Your code then can retrieve that information this way: Collection<? extends GrantedAuthority> grantedAuthorities = ((StormpathUserDetails)SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getAuthorities();
Hope this helps as an example for what you could do.
Upvotes: 1
Related Questions
- How do I get the Session Object in Spring?
- Retrieving Session ID with Spring Security
- Spring security changing sessionid
- Get session token for Spring boot/security in controller
- Spring mvc getting user id from logged user
- spring security - sessionId is null in authentication
- spring security get user id from DB
- Accessing REST API with sessionId
- Get User details from Session in Spring Security
- Retrieve user session details by username