我的Spring CustomSecurityExpressionRoot不工作

xesrikrc  于 2024-01-06  发布在  Spring
关注(0)|答案(2)|浏览(142)

我在我的spring项目中创建了一个新的安全表达式,但它不起作用。下面是我的代码。
首先,我做了一个CustomPermissionEvaluator,它实现了PermissionEvaluator

  1. public class CustomPermissionEvaluator implements PermissionEvaluator {
  2.     @Override
  3.     public boolean hasPermission(Authentication auth, Object targetDomainObject, Object permission) {
  4.         if ((auth == null) || (targetDomainObject == null) || !(permission instanceof String)) {
  5.             return false;
  6.         }
  7.         final String targetType = targetDomainObject.getClass().getSimpleName().toUpperCase();
  8.         return hasPrivilege(auth, targetType, permission.toString().toUpperCase());
  9.     }
  11.     @Override
  12.     public boolean hasPermission(Authentication auth, Serializable targetId, String targetType, Object permission) {
  13.         if ((auth == null) || (targetType == null) || !(permission instanceof String)) {
  14.             return false;
  15.         }
  16.         return hasPrivilege(auth, targetType.toUpperCase(), permission.toString().toUpperCase());
  17.     }
  19.     private boolean hasPrivilege(Authentication auth, String targetType, String permission) {
  20.         for (final GrantedAuthority grantedAuth : auth.getAuthorities()) {
  21.             if (grantedAuth.getAuthority().startsWith(targetType) && grantedAuth.getAuthority().contains(permission)) {
  22.                 return true;
  23.             }
  24.         }
  25.         return false;
  26.     }
  27. }

字符串
CustomSecurityExpressionRoot实现MethodSecurityExpressionOperations

  1. public class CustomSecurityExpressionRoot implements MethodSecurityExpressionOperations {
  3.     private final Logger log = LoggerFactory.getLogger(CustomSecurityExpressionRoot.class);
  5.     protected final Authentication authentication;
  6.     private AuthenticationTrustResolver trustResolver;
  7.     private RoleHierarchy roleHierarchy;
  8.     private Set<String> roles = new HashSet<>();
  9.     private String defaultRolePrefix = "ROLE_";
  10.     private PermissionEvaluator permissionEvaluator;
  11.     private MyRepository myRepository;
  13.     private Object filterObject;
  14.     private Object returnObject;
  16.     public CustomSecurityExpressionRoot(Authentication authentication) {
  17.         if (authentication == null) {
  18.             throw new IllegalArgumentException("Authentication object cannot be null");
  19.         }
  20.         this.authentication = authentication;
  21.         log.debug("Custom Security Expression Root ran");
  22.     }
  24.     // @Override
  25.     // Override some method
  27.     // test
  28.     public boolean isAdmin(Long groupId){
  29.         log.debug("Group Id is {}", groupId);
  30.         return true;
  31.     }
  33.     public static <T> boolean allIsNull(T... items) {
  34.         for (T item : items) if (item != null) return false;
  35.         return true;
  36.     }
  38. }


然后,我创建CustomMethodSecurityExpressionHandler

  1. public class CustomMethodSecurityExpressionHandler extends DefaultMethodSecurityExpressionHandler {
  3.     private final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
  4.     private ApplicationContext applicationContext;
  6.     @Override
  7.     public void setApplicationContext(ApplicationContext applicationContext) {
  8.         super.setApplicationContext(applicationContext);
  9.         this.applicationContext = applicationContext;
  10.     }
  12.     @Override
  13.     protected MethodSecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, MethodInvocation invocation) {
  14.         CustomSecurityExpressionRoot root = new CustomSecurityExpressionRoot(authentication);
  15.         root.setPermissionEvaluator(getPermissionEvaluator());
  16.         root.setTrustResolver(this.trustResolver);
  17.         root.setRoleHierarchy(getRoleHierarchy());
  18.         root.setMyRepository(applicationContext.getBean(MyRepository.class));
  19.         return root;
  20.     }
  21. }


最后,我配置应用程序

  1. @Configuration
  2. @EnableGlobalMethodSecurity(prePostEnabled = true)
  3. public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
  5.     @Autowired
  6.     ApplicationContext applicationContext;
  8.     @Override
  9.     protected MethodSecurityExpressionHandler createExpressionHandler() {
  10.         CustomMethodSecurityExpressionHandler expressionHandler = new CustomMethodSecurityExpressionHandler();
  11.         expressionHandler.setPermissionEvaluator(new CustomPermissionEvaluator());
  12.         expressionHandler.setApplicationContext(applicationContext);
  13.         return expressionHandler;
  14.     }
  15. }


我在我的一个API中添加了isAdmin()限制

  1. @RestController
  2. @RequestMapping("/api")
  3. public class MyResource {
  5.     private final Logger log = LoggerFactory.getLogger(MyResource.class);
  7.     private static final String ENTITY_NAME = "MyResource";
  9.     @Value("${jhipster.clientApp.name}")
  10.     private String applicationName;
  12.     private final MyService myService;
  14.     private final MyRepository myRepository;
  16.     private final MyKafkaService KafkaService;
  18.     public MyResource(GroupMemberService myService, MyRepository myRepository, MyKafkaService myKafkaService) {
  19.         this.myService = myService;
  20.         this.myRepository = myRepository;
  21.         this.KafkaService = KafkaService;
  22.     }
  23.     
  24.     @PreAuthorize("isAdmin(#week)")
  25.     @GetMapping("/todo/{week}")
  26.     public ResponseEntity<List<TodoDTO>> getAllTodoInWeek(@PathVariable Long week, Pageable pageable) {
  27.         log.debug("REST request to get a page of Todo");
  28.         Page<TodoDTO> page = myService.findAllByWeek(week, pageable);
  29.         HttpHeaders headers = PaginationUtil.generatePaginationHttpHeaders(ServletUriComponentsBuilder.fromCurrentRequest(), page);
  30.         return ResponseEntity.ok().headers(headers).body(page.getContent());
  31.     }
  32. }


我很兴奋地使用postman来测试这个API,并急切地等待着想要的结果。

  1. java.lang.IllegalArgumentException: Failed to evaluate expression 'isAdmin()'
  2.     at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:33)
  3.     at org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice.before(ExpressionBasedPreInvocationAdvice.java:51)
  4.     at org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter.vote(PreInvocationAuthorizationAdviceVoter.java:71)
  5.     at org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter.vote(PreInvocationAuthorizationAdviceVoter.java:42)
  6.     at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:60)
  7.     at org.springframework.security.access.intercept.AbstractSecurityInterceptor.attemptAuthorization(AbstractSecurityInterceptor.java:238)
  8.     at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:208)
  9.     at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:58)
  10.     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
  11.     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)
  12.     at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:97)
  13.     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
  14.     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.proceed(CglibAopProxy.java:753)
  15.     at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:698)
  16.     at vn.vnedu.studyspace.group_store.web.rest.GroupMemberResource$$EnhancerBySpringCGLIB$$df9b89b9.getAllGroupMembersInGroup(<generated>)
  17.     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  18.     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
  19.     at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  20.     at java.base/java.lang.reflect.Method.invoke(Method.java:566)
  21.     at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
  22.     at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150)
  23.     at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117)
  24.     at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)
  25.     at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808)
  26.     at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
  27.     at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1067)
  28.     at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:963)
  29.     at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
  30.     at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
  31.     at javax.servlet.http.HttpServlet.service(HttpServlet.java:497)
  32.     at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
  33.     at javax.servlet.http.HttpServlet.service(HttpServlet.java:584)
  34.     at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
  35.     at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
  36.     at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91)
  37.     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
  38.     at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
  39.     at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
  40.     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:327)
  41.     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
  42.     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81)
  43.     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
  44.     at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:121)
  45.     at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115)
  46.     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
  47.     at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126)
  48.     at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81)
  49.     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
  50.     at org.springframework.security.oauth2.client.web.OAuth2AuthorizationCodeGrantFilter.doFilterInternal(OAuth2AuthorizationCodeGrantFilter.java:168)
  51.     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
  52.     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
  53.     at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:105)
  54.     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
  55.     at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:149)
  56.     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
  57.     at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
  58.     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
  59.     at org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter.doFilterInternal(BearerTokenAuthenticationFilter.java:137)
  60.     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
  61.     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
  62.     at org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter.doFilterInternal(OAuth2AuthorizationRequestRedirectFilter.java:178)
  63.     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
  64.     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
  65.     at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103)
  66.     at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89)
  67.     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
  68.     at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)
  69.     at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)
  70.     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
  71.     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
  72.     at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110)
  73.     at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)
  74.     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
  75.     at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55)
  76.     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
  77.     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)
  78.     at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211)
  79.     at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183)
  80.     at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
  81.     at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
  82.     at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
  83.     at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
  84.     at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
  85.     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
  86.     at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
  87.     at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
  88.     at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
  89.     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
  90.     at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
  91.     at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
  92.     at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:96)
  93.     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
  94.     at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
  95.     at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
  96.     at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
  97.     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
  98.     at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
  99.     at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
  100.     at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
  101.     at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
  102.     at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
  103.     at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
  104.     at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
  105.     at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
  106.     at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
  107.     at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
  108.     at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
  109.     at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
  110.     at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
  111.     at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
  112.     at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
  113.     at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
  114.     at io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
  115.     at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
  116.     at io.undertow.servlet.handlers.SessionRestoringHandler.handleRequest(SessionRestoringHandler.java:119)
  117.     at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:280)
  118.     at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:79)
  119.     at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:134)
  120.     at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:131)
  121.     at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
  122.     at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
  123.     at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:260)
  124.     at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:79)
  125.     at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:100)
  126.     at io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
  127.     at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:852)
  128.     at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
  129.     at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:2019)
  130.     at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1558)
  131.     at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1449)
  132.     at org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
  133.     at java.base/java.lang.Thread.run(Thread.java:829)
  134. Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1004E: Method call: Method isAdmin() cannot be found on type org.springframework.security.access.expression.method.MethodSecurityExpressionRoot
  135.     at org.springframework.expression.spel.ast.MethodReference.findAccessorForMethod(MethodReference.java:226)
  136.     at org.springframework.expression.spel.ast.MethodReference.getValueInternal(MethodReference.java:135)
  137.     at org.springframework.expression.spel.ast.MethodReference.getValueInternal(MethodReference.java:95)
  138.     at org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:117)
  139.     at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:308)
  140.     at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:30)
  141. Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1004E: Method call: Method isAdmin() cannot be found on type org.springframework.security.access.expression.method.MethodSecurityExpressionRoot


请告诉我我哪里做错了。非常感谢

spring-boot

2条答案

按热度按时间
bvuwiixz

bvuwiixz1#

一般来说,不要使用自定义的MethodSecurityExpressionOperations,而只是编写一个类来做你想要的事情。将其注册为bean(使其成为@Component)并在表达式中引用它。
如同以下

  1. @Component
  2. public class OurSecurity {
  4.   public boolean isAdmin(Long groupId) {
  5.     log.debug("Group Id is {}", groupId);
  6.     return true;
  7.   }
  8. }

字符串
如果您正确设置了Sping Boot ,它将被拾取并注册为bean。在SpEL中,您可以使用@引用bean。因此将您的表达式重写为以下内容。

  1. @PreAuthorize("@ourSecurity.isAdmin(#week)")


它现在将调用提供的bean上的方法。现在您可以删除所有自定义部分并使用它。这比尝试替换Spring Security中的移动部分更容易。
您还可以将相同的表达式与HttpSecurity.antMatcher上的access方法(以及其他匹配项)一起使用,以编写安全表达式。

展开查看全部
赞(0)分享  回复(0)举报  2024-01-06
hmae6n7t

hmae6n7t2#

对于一次也面临这个错误:

  1. "Failed to evaluate expression '@customSecurityExpression.hasGVO('ABCDE')'",

字符串
我们已经为所有spring Boot 资源(3.1.5)服务器创建了一个实用程序库/依赖项,因此我们只需要维护一次功能。
Custom @PreAuthorize检查-代码已剪切:

  1. @PreAuthorize("@customSecurityExpression.hasGVO('ABCDE')")
  2. @Retention(RetentionPolicy.RUNTIME)
  3. @Schema(description = "Admin permission 'ABCDE' required.")
  4. @Target({ ElementType.METHOD, ElementType.TYPE })
  5. public @interface AuthorizeHasAdminRights {
  6. }


在调试DefaultListableBeanFactory.java时,我们遇到我们的spring bean(@Component)是用完整的限定包路径定义的,因此在资源服务器的@PreAuthorize中找不到bean。

**解决方案:**我们必须通过以下方式定义专用组件名称:

  1. @Component("customSecurityExpression")
  2. public class CustomSecurityExpression { ... }


所以DefaultListableBeanFactory#getBeanDefinition(StringbeanName)能够在字段中找到springbean:beanfunctionMap。

  • 免责声明:只有在依赖项中创建spring bean时才可能发生这种情况 *
展开查看全部
赞(0)分享  回复(0)举报  2024-01-06
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备13028337号-1 大数据知识库 https://www.saoniuhuo.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com