在我的项目中,我的控制器中的方法具有以下结构:
@Controller
@RequestMapping(value="privado")
public class PrivadoController {
@RequestMapping(value="admin")
@PreAuthorize("hasPermission(#usuario, 'admin_main')")
public ModelAndView admin() {
ModelAndView mav = new ModelAndView();
mav.setViewName("privado/admin");
return mav;
}
@RequestMapping(value="customer")
@PreAuthorize("hasPermission(#usuario, 'customer_main')")
public ModelAndView customer() {
ModelAndView mav = new ModelAndView();
mav.setViewName("privado/customer");
return mav;
}
}
方法hasPermission在此CustomPermissionEvaluator类中实现:
@Component
public class CustomPermissionEvaluator implements PermissionEvaluator {
public CustomPermissionEvaluator() {
}
@Override
public boolean hasPermission(Authentication arg0, Object arg1, Object arg2) {
System.out.println("CustomPermissionEvaluator.hasPermission");
if (arg0 == null || !arg0.isAuthenticated())
return false;
else
return arg0.getAuthorities().contains(arg1);
}
@Override
public boolean hasPermission(Authentication arg0, Serializable arg1, String arg2, Object arg3) {
throw new RuntimeException("Id-based permission evaluation not currently supported.");
}
}
我的问题是,尽管通知正确的登录证书,并且对数据库中保存的用户具有适当的角色和权限,但我面临默认访问被拒绝页面(我的项目中有一个自定义页面用于此错误) )。
任何人都能看到我在这里做错了什么?
ps:我的应用程序安全层的完整代码可以在这里找到:
https://github.com/klebermo/webapp2/tree/master/src/com/spring/webapp/lojavirtual/config/security
答案 0 :(得分:0)
在代码中经过仔细分析后,我终于设法解决了这个问题。碰巧我在方法体中使用了错误的参数。我的CustomPermissionEvaluator的最终代码是:
@Component
public class CustomPermissionEvaluator implements PermissionEvaluator {
public CustomPermissionEvaluator() {
}
public boolean hasPermission(Authentication arg0, Object arg1) {
System.out.println("CustomPermissionEvaluator.hasPermission");
System.out.println("arg0 = "+arg0);
System.out.println("arg1 = "+arg1);
if (arg0 == null || !arg0.isAuthenticated()) {
System.out.println("false");
return false;
}
else {
System.out.println("true");
for(GrantedAuthority authority: arg0.getAuthorities()) {
if(authority.getAuthority().equals(arg1))
return true;
}
return false;
}
}
@Override
public boolean hasPermission(Authentication arg0, Object arg1, Object arg2) {
System.out.println("CustomPermissionEvaluator.hasPermission");
System.out.println("arg0 = "+arg0);
System.out.println("arg1 = "+arg1);
System.out.println("arg2 = "+arg2);
if (arg0 == null || !arg0.isAuthenticated()) {
System.out.println("false");
return false;
}
else {
System.out.println("true");
for(GrantedAuthority authority: arg0.getAuthorities()) {
if(authority.getAuthority().equals(arg2))
return true;
}
return false;
}
}
@Override
public boolean hasPermission(Authentication arg0, Serializable arg1, String arg2, Object arg3) {
throw new RuntimeException("Id-based permission evaluation not currently supported.");
}
}