我将security.xml文件配置为支持preAuthorized注释
<bean id="permissionEvaluator" class="package.MyPermissionEvaluatorClass" />
<bean id="expressionHandler"
class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
<property name="permissionEvaluator" ref="permissionEvaluator" />
</bean>
<global-method-security pre-post-annotations="enabled" proxy-target-class="true">
<expression-handler ref="expressionHandler"/>
</global-method-security>
我添加了proxy-target-class=true作为我的REST类
带注释的我的REST方法看起来像这样
@PreAuthorize("@permissionEvaluator.hasPermission(#organizationId, 'MY_PERMISSION')")
@RequestMapping()
public ModelAndView findProductConfigurationsByOrganizationId(...) {}
我的权限评估类看起来像这样
public class MyPermissionEvaluatorClass extends PermissionEvaluatorImpl {
@Override
public boolean hasPermission(Authentication userObj, Object target, Object permission) {
LOGGER.info("Attempt to resolve permissions for {}.", target);
return false;
}
@Override
public boolean hasPermission(Authentication userObj, Serializable target, String targetType,
Object permission) {
return false;
}
但是当我做休息请求时 - 似乎根本没有输入方法hasPermission。
有什么问题?