我有一个用javax.annotation.security中的@RolesAllowed注释的方法,该方法被现有方面使用。
我们正在将Spring缓存支持添加到我们的服务层。缓存可以正常工作,但是我们注意到在某个方法上任何@ Cach *注释都不会被使用。
这是方法签名。
@Override
@RolesAllowed(Roles.VIEW_DATA)
@Cacheable(CacheConstants.DATATYPE_CACHENAME_PREFIX)
public List<Data> list(ListParams params)
这是我的CacheConfiguration。我们正在使用Spring Boot 1.5.14 AutoConfig。
@EnableAspectJAutoProxy(proxyTargetClass = true)
@EnableConfigurationProperties
@EnableCaching
@SpringBootApplication
public class Application {
我尝试了@EnableCaching,同时proxyTargetClass = true和mode = AspectJ。两者都不起作用。模式= AspectJ导致@RolesAllowed注释再次起作用,但随后@Cacheable被忽略。
当存在@Cacheable时,不再是此方面。
@Aspect
@Component
public class ApplicationSecurityMethodInterceptor {
@Autowired
private MethodSecurityMetadataSource methodSecurityMetadataSource;
@Autowired
private AccessDecisionManager methodAccessDecisionManager;
private static final Logger LOGGER = Logger.getLogger(ApplicationSecurityMethodInterceptor.class);
private static final String SCANNED_PACKAGE = "com.company.portal.service";
private static final String INTERCEPT_EXPRESSION = "within(" + SCANNED_PACKAGE + "..*)";
@Before(INTERCEPT_EXPRESSION)
public void intercept(JoinPoint joinPoint) {
if (joinPoint == null) return;
MethodSignature signature = (MethodSignature) joinPoint.getSignature();
if (signature == null) return;
Method method = signature.getMethod();
if (method == null) return;
Object target = joinPoint.getTarget();
if (target == null) return;
Class targetClass = joinPoint.getTarget().getClass();
if (targetClass == null) return;
Collection<ConfigAttribute> attributes = methodSecurityMetadataSource.getAttributes(method, targetClass);
if (CollectionUtils.isEmpty(attributes)) return;
LOGGER.debug(String.format("Intercepting method:[%s.%s], attributes:[%s]",
targetClass.getName(), method.getName(), attributes));
MethodInvocation mi = new SimpleMethodInvocation(target, method, joinPoint.getArgs());
methodAccessDecisionManager.decide(SecurityContextHolder.getContext().getAuthentication(), mi, attributes);
}
}