Spring Security 自定义AuthorizationManager< MethodInvocation>不触发"check“方法

ngynwnxp 于 2023-03-08 发布在 Spring

关注(0)|答案(1)|浏览(255)

根据Spring Security的此文档，我添加了一个自定义AuthorizationManager<MethodInvocation>
当魔豆被触发时

@Bean
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
public Advisor customAuthorize() {
    JdkRegexpMethodPointcut pattern = new JdkRegexpMethodPointcut();
    pattern.setPattern("xxx.*");

    AuthorizationManager<MethodInvocation> rule = new CustomAuthorizationManager();
    AuthorizationManagerBeforeMethodInterceptor interceptor = new AuthorizationManagerBeforeMethodInterceptor(pattern, rule);
    interceptor.setOrder(AuthorizationInterceptorsOrder.PRE_AUTHORIZE.getOrder() - 1);
    return interceptor;
}

低于check的方法根本不会触发UnsupportedOperationException。

public class CustomAuthorizationManager implements AuthorizationManager<MethodInvocation> {
    @Override
    public AuthorizationDecision check(Supplier<Authentication> authentication, MethodInvocation object) {
        throw new UnsupportedOperationException("Unimplemented method 'check'");
    }
}

有什么建议我错过了什么吗？

spring-security

来源：https://stackoverflow.com/questions/75663884/custom-authorizationmanagermethodinvocation-does-not-trigger-the-check-metho

1条答案

按热度按时间

8aqjt8rx1#

这是因为JdkRegexpMethodPointcut表达式。这与控制器名称空间不匹配。在我的情况下，我必须将其设置为

pattern.setPattern("de.domain.subdomain.Controller.*");

赞(0）回复(0）举报 2023-03-08

我来回答

Spring Security 自定义AuthorizationManager< MethodInvocation>不触发"check“方法

1条答案

相关问题

热门标签

最新问答