@Postfilter未被触发。
我的控制器中有两种方法。 listJson方法调用list1方法来获取所有项目并以json格式返回它们。我在list1方法上有@Postfilter来过滤项目,并且没有触发过滤器。
问题不在于配置。因为出于测试目的,我尝试将@Postfilter放在listJson方法上,它确实触发了。你能帮我解决这个问题吗?我将非常感激。
@RequestMapping(produces = "application/json")
@ResponseBody
public String listJson(HttpServletRequest request, HttpServletResponse response) {
List<Project> items = list1(request, response, Project.class);
return JsonHelper.toJsonArray(items, request.getContextPath());
}
@PostFilter("hasPermission(filterObject, 'read')")
private List<Project> list1(HttpServletRequest request, HttpServletResponse response, Class<Project> clazz) {
Integer[] ia = WebHelper.getDojoGridPaginationInfo(request);
Integer firstResult = ia[0];
Integer lastResult = ia[1];
Entry<String, String> orderBy = WebHelper.getDojoJsonRestStoreOrderBy(request.getP arameterNames());
Where where = WebHelper.FromJsonToFilterClass(request.getParamet er("filter"));
List<Project> items = JpaHelper.findEntries(firstResult, lastResult - firstResult + 1, orderBy, where, clazz);
Integer totalCount = JpaHelper.countEntries(where, clazz).intValue();
WebHelper.setDojoGridPaginationInfo(firstResult, lastResult, totalCount, response);
return items;
}
webmvc-config.xml中
<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true">
<security:expression-handler ref="expressionHandler"/>
</security:global-method-security>
<bean id="myPermissionEvaluator" class="org.springframework.security.acls.AclPermis sionEvaluator">
<constructor-arg ref="aclService" />
</bean>
<bean id="expressionHandler" class="org.springframework.security.access.express ion.method.DefaultMethodSecurityExpressionHandler" >
<property name="permissionEvaluator" ref="myPermissionEvaluator"/>
</bean>
答案 0 :(得分:2)
如果list1方法与listJson位于同一个类/实例上,则在处理类中的方法时不会调用安全性建议。
但是,如果要将list1方法移动到注入的服务类,则会有一个建议的对象来支持注释。
编辑我想让这一点更清晰 - 所以我要包含一张图表,希望能更清楚地解释这一点
/mapping -> Project.listJson(HttpServletRequest, HttpServletResponse) |
|
|
|
---------------------
| listJson |
| |---------|
| | |
| | | list1
| | |
| | |
| | |
| | |
| list1 |<--------|
| |
| |
---------------------
/mapping -> Project.listJson(HttpServletRequest, HttpServletResponse) |
|
|
|
---------------------
| listJson |<--------------------------------|
| svc.list1 |--------->advised(Service) | run @PostFilter
| | | |
| | | list1 |
--------------------- | |
| |
--------------------- | |
| Service | | |
| list1 |<--------| |
| | |
| |---------------------------------|
---------------------