Benjamin Muschko

Reputation: 33426

Access/check Spring Security hierarchical roles programmatically

In my Grails project I defined multiple hierarchical roles using the Spring Security plugin, e.g. ROLE_USER > SOME_OTHER_ROLE. When securing controller methods using the @Secured annotation it works just fine. However, I also would like to check the role programmatically in my code for one use case. Using the following approach I always get a false even though the user inherits the role through the hierarchical role definition:

request.isUserInRole('SOME_OTHER_ROLE')

Also the following calls never directly return the inherited roles:

SecurityContextHolder.context?.authentication?.authorities
springSecurityService.getPrincipal().getAuthorities()

Is there a way of checking if the user also has the inherited role?

Upvotes: 2

Views: 1366

Answers (1)

Burt Beckwith

Reputation: 75671

This seems like a bug (or at least an omission) in SecurityContextHolderAwareRequestWrapper which adds a request wrapper to implement the isUserInRole method.

You can use the roleVoter bean's extractAuthorities method. Add a dependency injection for it (def roleVoter) and then call

def allRoles = roleVoter.extractAuthorities(
        SecurityContextHolder.context.authentication)

Upvotes: 2
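
The following is an added example, not code from the question, the answer, or the plugin. It expands a user's directly granted authorities through a `RoleHierarchy` before checking a role, so a programmatic check gives the same answer as the annotation-based one. `HierarchicalRoleChecker`, the user `alice` and `ROLE_ADMIN` are hypothetical; it assumes spring-security-core on the classpath in a version that provides `RoleHierarchyImpl.setHierarchy`, and in a Grails application the existing `RoleHierarchy` bean would be injected instead of being constructed by hand.

```groovy
import org.springframework.security.access.hierarchicalroles.RoleHierarchy
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl
import org.springframework.security.authentication.TestingAuthenticationToken
import org.springframework.security.core.Authentication
import org.springframework.security.core.authority.AuthorityUtils

// Hypothetical helper (not part of Spring Security or the Grails plugin).
class HierarchicalRoleChecker {
    RoleHierarchy roleHierarchy

    // Direct authorities plus everything reachable through the hierarchy.
    Set<String> effectiveRoles(Authentication auth) {
        // Fail closed: a missing or unauthenticated token has no roles.
        if (auth == null || !auth.authenticated) {
            return [] as Set<String>
        }
        AuthorityUtils.authorityListToSet(
                roleHierarchy.getReachableGrantedAuthorities(auth.authorities))
    }

    boolean hasRole(Authentication auth, String role) {
        effectiveRoles(auth).contains(role)
    }
}

// Constructed sample data: the hierarchy from the question and a test user.
def hierarchy = new RoleHierarchyImpl()
hierarchy.setHierarchy('ROLE_USER > SOME_OTHER_ROLE')
def checker = new HierarchicalRoleChecker(roleHierarchy: hierarchy)
def auth = new TestingAuthenticationToken('alice', 'n/a',
        AuthorityUtils.createAuthorityList('ROLE_USER'))

// The token itself only carries the directly granted role ...
assert AuthorityUtils.authorityListToSet(auth.authorities) == ['ROLE_USER'] as Set
// ... while the expanded set also contains the inherited one.
assert checker.hasRole(auth, 'SOME_OTHER_ROLE')
// Roles outside the hierarchy and missing tokens are both denied.
assert !checker.hasRole(auth, 'ROLE_ADMIN')
assert !checker.hasRole(null, 'SOME_OTHER_ROLE')
```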
