我目前正在尝试根据经过身份验证的用户的角色创建动态AntMatcher路径,并将其存储在数据库中。
我的代码:
@Override
public void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.addFilterBefore(new TokenAuthenticationFilter(userAccountService, userRoleService), FilterSecurityInterceptor.class)
.addFilter(new UserAuthenticationFilter(authenticationManager()))
.authorizeRequests()
.antMatchers("/api/**").authenticated()
.and()
.sessionManagement().maximumSessions(1).maxSessionsPreventsLogin(false);
}
例如,如果有人通过ADMIN角色进行了身份验证,则antMatcher路径将使用数据库中允许的路径自动填充
我的域:
Role.class
@Data
@Entity
@Table(name = "sec_role")
@Audited
public class Role {
@Id
@Column(name = "name")
private String name;
@OneToMany(fetch = FetchType.LAZY)
@JoinColumn(name = "access_name", referencedColumnName = "name")
private List<Access> accessList;
@Column(name = "created_by")
private String createdBy;
@Column(name = "updated_by")
private String updatedBy;
@Column(name = "creator_username")
private String creatorUsername;
@Column(name = "updater_username")
private String updaterUsername;
@Column(name = "created_at")
private OffsetDateTime createdAt;
@Column(name = "updated_at")
private OffsetDateTime updatedAt;
}
Access.class
@Data
@Entity
@Table(name = "sec_access")
public class Access {
@Id
@Column(name = "name")
private String name;
@Column(name = "allowedPath")
private String allowedPath;
}
是否有任何可能的方法,而不对每个API使用任何@PreAuthorized或不使用OAUTH2?
任何指南都会有所帮助。
谢谢