How to reload authorities on user update with Spring Security

by

If you need to dynamically update a logged in user’s authorities (when these have changed, for whatever reason), without having to log out and log in of course, you just need to reset the Authentication object (security token) in the Spring SecurityContextHolder.

Example:

Authentication auth = SecurityContextHolder.getContext().getAuthentication();

List<GrantedAuthority> updatedAuthorities = new ArrayList<>(auth.getAuthorities());
updatedAuthorities.add(...); //add your role here [e.g., new SimpleGrantedAuthority("ROLE_NEW_ROLE")]

Authentication newAuth = new UsernamePasswordAuthenticationToken(auth.getPrincipal(), auth.getCredentials(), updatedAuthorities);

SecurityContextHolder.getContext().setAuthentication(newAuth);

More Related Contents:

  1. Spring Security : Multiple HTTP Config not working
  2. How to get active user’s UserDetails
  3. How to fix role in Spring Security?
  4. Spring security CORS Filter
  5. How to create custom methods for use in spring security expression language annotations
  6. How To Inject AuthenticationManager using Java Configuration in a Custom Filter
  7. Configuring Spring Security 3.x to have multiple entry points
  8. How to manage exceptions thrown in filters in Spring?
  9. Disable Spring Security for OPTIONS Http Method
  10. HttpSecurity, WebSecurity and AuthenticationManagerBuilder
  11. How to get the current logged in user object from spring security?
  12. Customize authentication failure response in Spring Security using AuthenticationFailureHandler
  13. Spring security does not allow CSS or JS resources to be loaded
  14. how to display custom error message in jsp for spring security auth exception
  15. Spring Security 5 : There is no PasswordEncoder mapped for the id “null”
  16. How to apply Spring Security filter only on secured endpoints?
  17. Spring security’s SecurityContextHolder: session or request bound?
  18. Securing Spring Boot API with API key and secret
  19. Spring Security multiple url ruleset not working together
  20. JAAS for human beings
  21. Spring Security HTTP Basic for RESTFul and FormLogin (Cookies) for web – Annotations
  22. Spring security added prefix “ROLE_” to all roles name?
  23. Why this Spring application with java-based configuration don’t work properly
  24. How do I disable resolving login parameters passed as url parameters / from the url
  25. How do I add method based security to a Spring Boot project?
  26. Spring REST security – Secure different URLs differently
  27. What does Cookie CsrfTokenRepository.withHttpOnlyFalse () do and when to use it?
  28. How to secure REST API with Spring Boot and Spring Security?
  29. Why BCryptPasswordEncoder from Spring generate different outputs for same input?
  30. Custom Authentication Manager with Spring Security and Java Configuration

Leave a Comment