实际上我在数据库中有角色,如ROLE_USER,ROLE_MAKER,ROLE_CHECKER.now我使用方法级别限制,提到@PreAutorize(hasRole('ROLE_USER','ROLE_MAKER'),
提前致谢 VENU
答案 0 :(得分:0)
在http://static.springsource.org/spring-security/site/docs/3.0.x/reference/el-access.html
检查权限评估员步骤1:告诉spring你将使用权限评估程序。
<beans:bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
<beans:property name="permissionEvaluator">
<beans:bean id="permissionEvaluator" class="com.npacemo.permissions.SomePermissionsEvaluator"/>
</beans:property>
</beans:bean>
步骤2:在com.npacemo.permissions.SomePermissionsEvaluator上实现PermissionEvaluator
class SomePermissionsEvaluator implements PermissionEvaluator {
boolean hasPermission(Authentication authentication,
java.lang.Object targetDomainObject,
java.lang.Object permission){
if(permission.equals("check role")){
//ok I need to check for roles from DB..
if matching then return true else false..
//write logic as per ur requirement
}
boolean hasPermission(Authentication authentication,
java.io.Serializable targetId,
java.lang.String targetType,
java.lang.Object permission){
//write logic as per ur requirement
}
}
第3步:在PreAuthorize中调用hasPermission来检查你的角色
@PreAuthorize("hasPermission(#contact, 'check role')")
public void deleteApplication(Contact contact);