现在我用@PreAuthorize("hasAuthority('CREATE_USER_PRIVILEGE')")但我希望 CREATE_USER_PRIVILEGE 来自函数()。这可能吗?
3 回答
潇潇雨雨
TA贡献1833条经验 获得超4个赞
你可以这样做:
@RestController
class FooController {
@PreAuthorize("hasAuthority(@securityService.privilege)")
@GetMapping("/")
public ResponseEntity<String> helloSecurity(@RequestParam("id") Integer id){
return ResponseEntity.ok("Hello World");
}
}
@Service("securityService")
class SecurityService {
public String getPrivilege(){
return "CREATE_USER_PRIVILEGE";
}
}
繁星coding
TA贡献1797条经验 获得超4个赞
基于上述解决方案,我实现了如下内容:
@Controller
class TestController {
//calling a PreAuthorize on method level/ can be used on class level as well
@PreAuthorize("hasAnyAuthority(@authorityService.authorities)")
@RequestMapping("/application")
public ModelAndView newPage() throws{
return new ModelAndView(view);
}
}
@Service("authorityService")
class AuthorityService{
@Value("${app.authorities}") // read roles from properties file
private String authorities;
public List<String> getAuthorities(){
// convert the comma separated Strings to list.
List<String> items = Arrays.asList(authorities.split("\\s*,\\s*"));
return items;
}
}
波斯汪
TA贡献1811条经验 获得超4个赞
您必须首先使用构造函数或注释自动装配您的服务,然后您可以使用 Spel 语言来使用它,如下例所示
@RequestMapping(value="/id/{domainObjectId}/dostuff", method=RequestMethod.POST, produces="application/json")
@PreAuthorize(value="hasRole('ROLE_DomainObjectAdmin') or @domainObjectServiceImpl.findDomainObject(#domainObjectId).getOwners().contains(#userAccount.getEmployee())")
public String setObjectiveComplete(@PathVariable String domainObjectId, UserAccount userAccount) {
// Do stuff
}
添加回答
举报
0/150
提交
取消