我有几个要求不同权限的API端点。例如:
@ApiOperation(value="Verify if SPM requires update", authorizations = {@Authorization(value = "Authorization")})
@RequestMapping(value="/update", method= RequestMethod.POST)
@PreAuthorize("hasRole('ADMIN')")
public ResponseEntity checkForUpdates(@RequestBody SpmUpdateRequest updateRequest) {
...
return new ResponseEntity<>(result, HttpStatus.OK);
}
Swagger配置:
@Bean
public Docket api1() {
return new Docket(DocumentationType.SWAGGER_2)
.groupName("v1")
.select()
.apis(RequestHandlerSelectors.basePackage("controller.v1"))
.paths(PathSelectors.any())
.build()
.securitySchemes(Collections.singletonList(apiKey()))
.pathProvider(new ExtendRelativePathProvider());
}
问题是上面的示例终结点以夸张的方式显示给所有用户。即使当前用户没有“ ROLE_ADMIN”角色。
是否可以仅显示与@PreAuthorize中的当前用户角色匹配的那些端点?