I have an application in which users enter custom role names and permissions. For example, a user can create a role named "Human Resources" that has the following attributes:
showDashboard = true;
showSuppliers = false;
showEmployees = true;
I want to restrict the getSuppliers service based on the showSuppliers attribute.
@PreAuthorize("WHEN showSuppliers IS TRUE")
public Page<Supplier> getSuppliers();
Role entity:
@Entity
public class Role {
    @Id
    @GeneratedValue(strategy = GenerationType.AUTO, generator = "native")
    @GenericGenerator(name = "native", strategy = "native")
    private Long id;
    private String name;
    private boolean showDashboard;
    private boolean showSuppliers;
    private boolean showEmployees;
}
1 Answer
ITMISS
You can reference a bean in the PreAuthorize expression. First, this bean/component:
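import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Component;

@Component("authorityChecker")
public class AuthorityChecker {
    public boolean canShowSuppliers(Authentication authentication) {
        for (GrantedAuthority authority : authentication.getAuthorities()) {
            // Check the type before casting to avoid a ClassCastException
            if (authority instanceof Role && ((Role) authority).isShowSuppliers()) {
                return true;
            }
        }
        return false;
    }
}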
The annotation for this would be:
@PreAuthorize("@authorityChecker.canShowSuppliers(authentication)")
public Page<Supplier> getSuppliers();
It passes the current user's Authentication object to the bean/component above.
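The check above only works if the Role objects are what Spring Security holds as the user's authorities. The following is an added example, not part of the original answer, that runs the same decision against constructed users; it assumes Role implements GrantedAuthority, and the class name AuthorityCheckerDemo, the helper user(), the "Purchasing" role and the principal names are made up for the demo.

```java
import java.util.List;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

public class AuthorityCheckerDemo {
    // Assumption: stand-in for the question's Role entity (JPA mapping omitted),
    // made a GrantedAuthority so it can sit in Authentication.getAuthorities().
    static class Role implements GrantedAuthority {
        private final String name;
        private final boolean showSuppliers;
        Role(String name, boolean showSuppliers) {
            this.name = name;
            this.showSuppliers = showSuppliers;
        }
        boolean isShowSuppliers() { return showSuppliers; }
        @Override public String getAuthority() { return name; }
    }

    // Same decision as the answer's bean, written to fail closed.
    static boolean canShowSuppliers(Authentication authentication) {
        if (authentication == null) return false; // no security context: deny
        for (GrantedAuthority authority : authentication.getAuthorities()) {
            // Authorities of any other type (e.g. SimpleGrantedAuthority) never grant access.
            if (authority instanceof Role && ((Role) authority).isShowSuppliers()) {
                return true;
            }
        }
        return false;
    }

    // Constructed users for the demo; principal names are made up.
    static Authentication user(String name, GrantedAuthority... authorities) {
        return new UsernamePasswordAuthenticationToken(name, "n/a", List.of(authorities));
    }

    public static void main(String[] args) {
        Role hr = new Role("Human Resources", false);
        Role purchasing = new Role("Purchasing", true);
        System.out.println("hr only:        " + canShowSuppliers(user("alice", hr)));
        System.out.println("hr+purchasing:  " + canShowSuppliers(user("bob", hr, purchasing)));
        System.out.println("non-Role only:  " + canShowSuppliers(user("carol", new SimpleGrantedAuthority("ROLE_ADMIN"))));
        System.out.println("no auth object: " + canShowSuppliers(null));
    }
}
```

@PreAuthorize is enforced only when method security is enabled (@EnableMethodSecurity, or @EnableGlobalMethodSecurity(prePostEnabled = true) on older Spring Security versions); without it the annotation is ignored and getSuppliers() stays open to every caller.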