我正在尝试将 xml配置转换为java配置
我的XML配置就像这样
<security:global-method-security secured-annotations="enabled" pre-post-annotations="enabled" access-decision-manager-ref="methodAccessDecisionManager">
<security:expression-handler ref="methodExpressionHandler"/>
</security:global-method-security>
我尝试使用注释进行转换
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
但我没有得到如何转换和使用全局安全方法access-decision-manager-ref="methodAccessDecisionManager"
和<security:expression-handler ref="methodExpressionHandler"/>
答案 0 :(得分:1)
您可以编写自定义方法安全配置,请参阅Spring Security Reference:
5.10.2 GlobalMethodSecurityConfiguration
有时您可能需要执行比
@EnableGlobalMethodSecurity注释允许更复杂的操作。对于这些实例,您可以扩展GlobalMethodSecurityConfiguration以确保子类上存在@EnableGlobalMethodSecurity注释。例如,如果要提供自定义MethodSecurityExpressionHandler,则可以使用以下配置:@EnableGlobalMethodSecurity(prePostEnabled = true) public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration { @Override protected MethodSecurityExpressionHandler createExpressionHandler() { // ... create and return custom MethodSecurityExpressionHandler ... return expressionHandler; } }有关可以覆盖的方法的其他信息,请参阅
GlobalMethodSecurityConfigurationJavadoc。
您修改过的代码:
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
@Autowired
private AccessDecisionManager accessDecisionManager;
@Autowired
private MethodSecurityExpressionHandler methodSecurityExpressionHandler;
protected MethodSecurityExpressionHandler createExpressionHandler() {
return methodSecurityExpressionHandler;
}
protected AccessDecisionManager accessDecisionManager() {
return accessDecisionManager;
}
}