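I have a custom permission class like the one below, and I use @PreAuthorize to implement method security. It works fine, but I need to add custom response headers based on some business logic in this class. Any help in this regard would be greatly appreciated.

On the controller:

    @PreAuthorize("hasPermission('APP','GENERIC','VIEW')")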
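
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
    import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
    import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;

    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
        // Registers the custom evaluator behind hasPermission(...) expressions.
        @Override
        protected MethodSecurityExpressionHandler createExpressionHandler() {
            DefaultMethodSecurityExpressionHandler expressionHandler =
                    new DefaultMethodSecurityExpressionHandler();
            expressionHandler.setPermissionEvaluator(new CustomPermissionEvaluator());
            return expressionHandler;
        }
    }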

    import java.io.Serializable;
    import org.springframework.security.access.PermissionEvaluator;
    import org.springframework.security.core.Authentication;
    import org.springframework.util.StringUtils; // assumed; the post does not show its imports

    public class CustomPermissionEvaluator implements PermissionEvaluator {
        boolean dev = true;

        public CustomPermissionEvaluator() {
        }

        public void init() {
        }

        // Called for hasPermission(targetDomainObject, permission) expressions.
        @Override
        public boolean hasPermission(
                Authentication auth, Object targetDomainObject, Object permission) {
            System.out.println("CustomPermissionEvaluator.hasPermission()-X");
            if ((auth == null) || (targetDomainObject == null) || !(permission instanceof String)) {
                return false;
            }
            String targetType = targetDomainObject.getClass().getSimpleName().toUpperCase();
            // hasPrivilege(...) is not shown in the post.
            return hasPrivilege(auth, "X", targetType, permission.toString().toUpperCase());
        }

        // Called for hasPermission('APP','GENERIC','VIEW'): category, module, permission.
        @Override
        public boolean hasPermission(
                Authentication auth, Serializable category, String module, Object permission) {
            String cat = (String) category;
            System.out.println("CustomPermissionEvaluator.hasPermission()-Y " + module);
            if ((auth == null) || StringUtils.isEmpty(module) || !(permission instanceof String)) {
                return false;
            }
            return hasPrivilege(auth, cat, module.toUpperCase(), permission.toString().toUpperCase());
        }
    }

Answer 0 (score: 0)

This may help someone in the near future; I was able to implement it this way.

    HttpServletResponse resp = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getResponse();
    resp.setHeader("TEST", "TEST");
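
A null-safe variant of the approach in the answer above, as an added example that is not part of the original question or answer: a decorator that wraps any PermissionEvaluator and records the decision in a response header. The class name HeaderWritingPermissionEvaluator, the header name X-Permission-Check and the javax.servlet namespace (Spring Security 5, matching @EnableGlobalMethodSecurity) are assumptions.

```java
import java.io.Serializable;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

// Hypothetical decorator: delegates the decision and reports it in a header.
public class HeaderWritingPermissionEvaluator implements PermissionEvaluator {
    // Assumed header name, not from the original post.
    static final String HEADER = "X-Permission-Check";
    private final PermissionEvaluator delegate;

    public HeaderWritingPermissionEvaluator(PermissionEvaluator delegate) {
        this.delegate = delegate;
    }

    @Override
    public boolean hasPermission(Authentication auth, Object target, Object permission) {
        return report(delegate.hasPermission(auth, target, permission));
    }

    @Override
    public boolean hasPermission(Authentication auth, Serializable id, String type, Object permission) {
        return report(delegate.hasPermission(auth, id, type, permission));
    }

    private boolean report(boolean granted) {
        // Only fixed literals go into the header, never request-derived text.
        writeHeader(HEADER, granted ? "granted" : "denied");
        return granted;
    }

    // Returns false instead of throwing when no writable HTTP response is bound to this thread.
    static boolean writeHeader(String name, String value) {
        RequestAttributes attrs = RequestContextHolder.getRequestAttributes();
        if (!(attrs instanceof ServletRequestAttributes)) {
            return false; // e.g. @Async or scheduled call: no servlet request on this thread
        }
        HttpServletResponse resp = ((ServletRequestAttributes) attrs).getResponse();
        if (resp == null || resp.isCommitted()) {
            return false; // headers can no longer be changed
        }
        resp.setHeader(name, value);
        return true;
    }
}
```

To use it, pass `new HeaderWritingPermissionEvaluator(new CustomPermissionEvaluator())` to `setPermissionEvaluator` in MethodSecurityConfig. Keeping the header value to fixed literals avoids reflecting request data into response headers.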