首页

Java 8/Spring 常量预授权注释

java spring spring-boot
2022-09-03 14:23:13

在我的Spring Boot项目中,我定义了以下RestController方法:

@PreAuthorize("hasAuthority('" + Permission.APPEND_DECISION + "')")
@RequestMapping(value = "/{decisionId}/decisions", method = RequestMethod.PUT)
public DecisionResponse appendDecisionToParent(@PathVariable @NotNull @DecimalMin("0") Long decisionId, @Valid @RequestBody AppendDecisionRequest decisionRequest) {
    ....
    return new DecisionResponse(decision);
}

现在,为了提供允许的机构名称,我使用以下代码构造:

@PreAuthorize("hasAuthority('" + Permission.APPEND_DECISION + "')")

其中 是一个常量:Permission.APPEND_DECISION

public static final String APPEND_DECISION = "APPEND_DECISION";

在Java / Spring中,有没有更优雅的方式来定义这种代码?


答案 1

以下是在单个位置定义权限的简单方法,不需要任何深入的Spring Security配置。

public class Authority {
    public class Plan{
        public static final String MANAGE = "hasAuthority('PLAN_MANAGE')";
        public static final String APPROVE = "hasAuthority('PLAN_APPROVE')";
        public static final String VIEW = "hasAuthority('PLAN_VIEW')";
    }
}

正在保护服务...

public interface PlanApprovalService {

    @PreAuthorize(Authority.Plan.APPROVE)
        ApprovalInfo approvePlan(Long planId);

    }
}

答案 2

多亏了oli37,我通过以下方式实现了这个逻辑:

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {

    private DefaultMethodSecurityExpressionHandler defaultMethodExpressionHandler = new DefaultMethodSecurityExpressionHandler();

    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        return defaultMethodExpressionHandler;
    }

    public class DefaultMethodSecurityExpressionHandler extends org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler {

        @Override
        public StandardEvaluationContext createEvaluationContextInternal(final Authentication auth, final MethodInvocation mi) {
            StandardEvaluationContext standardEvaluationContext = super.createEvaluationContextInternal(auth, mi);
            ((StandardTypeLocator) standardEvaluationContext.getTypeLocator()).registerImport(Permission.class.getPackage().getName());
            return standardEvaluationContext;
        }
    }

}


    @PreAuthorize("hasAuthority(T(Permission).APPEND_DECISION)")
    @RequestMapping(value = "/{decisionId}/decisions", method = RequestMethod.PUT)
    public DecisionResponse appendDecisionToParent(@PathVariable @NotNull @DecimalMin("0") Long decisionId, @Valid @RequestBody AppendDecisionRequest decisionRequest) {
    ...
        return new DecisionResponse(decision);
    }

推荐
更多 »
标签
更多 »
php pass-by-reference optional-parameters default-value javascript arrays dom function string object serialization tostring visibility syntax jslint use-strict operators equality equality-operator identity-operator datetime timestamp date-arithmetic redirect angularjs loops foreach iteration scope variables
推荐
更多 »