Spring security - securing method request with hasPermission
The common usage is:
<intercept-url pattern="/**" access="ROLE_ADMIN" />
Is it possible to do something like:
<intercept-url pattern="/**" access="hasPermission('addSomething1')" />
I haven't seen hasPermission among the security expressions listed under allowed:
We have only:
authentication;
denyAll;
hasAnyRole(list of roles);
hasIpAddress;
isAnonymous() etc.
I am just guessing that if "hasPermission" is allowed for method security then it should be for web requests too.
Thanks,
Yep, it is possible. You just need to switch to expression-based evaluation
<security:http use-expressions="true">
and provide a PermissionEvaluator to your expression handler:
<security:expression-handler ref="webSecurityExpressionHandler" />
<bean id="webSecurityExpressionHandler" class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler">
    <property name="permissionEvaluator" ref="aclPermissionEvaluator" />
</bean>
Of course you need to have a PermissionEvaluator implementation. You can write your own or you can use the spring-acl project.
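A custom PermissionEvaluator of the kind the answer above says you can write yourself, as an added example that is not part of the original answer or of Spring Security. The class name AuthorityPermissionEvaluator and the "PERM_" authority prefix are assumptions; the evaluator ignores the target object and fails closed when authentication is missing or the permission is not a string.

```java
import java.io.Serializable;

import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/**
 * Hypothetical evaluator: a permission such as "addSomething1" is granted
 * only when the caller holds the authority "PERM_addSomething1".
 * The "PERM_" prefix is an assumption of this example.
 */
public class AuthorityPermissionEvaluator implements PermissionEvaluator {

    private static final String PREFIX = "PERM_";

    // Called for hasPermission(target, permission) in a SpEL expression.
    @Override
    public boolean hasPermission(Authentication authentication,
                                 Object targetDomainObject,
                                 Object permission) {
        return holds(authentication, permission);
    }

    // Called for hasPermission(targetId, targetType, permission).
    @Override
    public boolean hasPermission(Authentication authentication,
                                 Serializable targetId,
                                 String targetType,
                                 Object permission) {
        return holds(authentication, permission);
    }

    private boolean holds(Authentication authentication, Object permission) {
        // Fail closed: no authentication or an unexpected permission type denies.
        if (authentication == null || !authentication.isAuthenticated()
                || !(permission instanceof String)) {
            return false;
        }
        String required = PREFIX + permission;
        for (GrantedAuthority authority : authentication.getAuthorities()) {
            if (required.equals(authority.getAuthority())) {
                return true;
            }
        }
        return false; // default deny when no matching authority is held
    }
}
```

Registered as the bean that the permissionEvaluator property references, it backs the built-in two-argument web expression, for example access="hasPermission('request', 'addSomething1')", where 'request' is an unused placeholder target chosen for this example.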
Pavel Horal already described how to enable expressions in the intercept-url tag (BTW: after enabling it, all access attributes must be written as SpEL expressions!)
But there is one thing you need to know: the expressions that are available for the intercept-url tag differ from those that are available for method-based security SpEL expressions (like @PreAuthorize). It is because the first are implemented in WebSecurityExpressionRoot but the others are implemented in MethodSecurityExpressionRoot.
See my answer at this question stackoverflow.com/questions/8321696/… it describes how to extend the web security expression root with additional expressions.