Spring Security使用PreAuthorize中的hasPermission仅使用一个参数
[英]Spring security use hasPermission within PreAuthorize with only one parameter
问题描述
How can I call the hasPermission function with just one parameter? 
如何仅使用一个参数调用hasPermission函数?
Currently I have something like this: 目前我有这样的事情:
@PreAuthorize("hasPermission('someResource', 'READ')")
I want to be able to do this: 我希望能够做到这一点:
@PreAuthorize("hasPermission('canReadSomeResource')")
Is there an easy way to accomplish this? 有没有简单的方法可以做到这一点? I basically just want to specify the permission that is needed in order to call a method, rather than a resource and a permission. 我基本上只想指定调用方法所需的权限,而不是资源和权限。
2 个解决方案
解决方案1
2 2013-10-15 23:28:39
The specific purpose of hasPermission() is to check whether a user is authorized to execute an operation on a particular domain object. hasPermission()的特定目的是检查用户是否有权在特定域对象上执行操作。 If you're wanting to just check whether a user has a certain general-purpose authority, you should use hasRole() . 如果只想检查用户是否具有某种通用权限,则应使用hasRole() 。
解决方案2
0 2016-07-10 19:51:00
I think you need hasAuthority('canReadSomeResource') that checks the user authority to access a resource. 我认为您需要hasAuthority('canReadSomeResource')检查用户访问资源的权限。
@PreAuthorize("hasAuthority('canReadSomeResource')")
public void myMethod(){
...
}
That authority ( canReadSomeResource ) can be provided to the spring security by implementing UserDetailsService interface. 通过实现UserDetailsService接口,可以将权限( canReadSomeResource )提供给Spring安全。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.