Relogging a user in with different Spring Security Authorities programmatically

Posted by user1331982 on Stack Overflow See other posts from Stack Overflow or by user1331982
Published on 2012-04-13T16:06:40Z Indexed on 2012/04/13 23:29 UTC
Read the original article Hit count: 192

Filed under:

spring-security

PreReq:
User logs in and is given roles got from the database using a custom implementation of userService. i.e.

authentication-provider user-service-ref="securityPolicyService"

The implemented method loadUserByUsername gets called and the roles are load for the user for the particular club they are logging into, Default one is loaded first time in.

The user then click on a different club from the UI and I call a method on a service that gets the new list of authorities for this club.

I then perform the following:

Object principle = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
SecureMember sm = (SecureMember) principle;
Authentication auth = 
      new UsernamePasswordAuthenticationToken(sm, null, newAuthories); <br><br>
    SecurityContextHolder.getContext().setAuthentication(auth);<br>
request.getSession(false).invalidate();

SecureMember extends User from SpringFramework.

The problem is the SecureMember authorities are never updated with the new ones.

thanks Gary

Related posts about spring-security

Spring Security - Interactive login attempt was unsuccessful

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been trying to track down why Spring Security isn't creating the SPRING_SECURITY_REMEMBER_ME_COOKIE so I turned on logging for org.springframework.security.web.authentication.rememberme. At first glance, the logs make it seem like the login is failing but the login is actually successful in the… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More
Spring Security - Persistent Remember Me Issue

as seen on Stack Overflow - Search for 'Stack Overflow'
I've been trying to track down why Spring Security isn't creating the Spring Security remember me cookie (SPRING_SECURITY_REMEMBER_ME_COOKIE). At first glance, the logs make it seem like the login is failing, but the login is actually successful in the sense that if I navigate to a page that requires… >>> More
Problem with Remember Me Service in Spring Security

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I'm trying to implement a "remember me" functionality in my website using Spring. The cookie and entry in the persistent_logins table are getting created correctly. Additionally, I can see that the correct user is being restored as the username is displayed at the top of the page. However, once… >>> More
Spring Security 3 - j_spring_security_check is not found

as seen on Stack Overflow - Search for 'Stack Overflow'
I use Spring Security with Spring Framework 3 and when I tyr to login from homepage I get following error: 2010-04-26 12:16:39,525 [tomcat-http--2] WARN org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/AppName/app/j_spring_security_check] in DispatcherServlet… >>> More

Developer IT