[英]Spring security use hasPermission within PreAuthorize with only one parameter
How can I call the hasPermission function with just one parameter? 如何仅使用一个参数调用hasPermission函数?
Currently I have something like this: 目前我有这样的事情:
@PreAuthorize("hasPermission('someResource', 'READ')")
I want to be able to do this: 我希望能够做到这一点:
@PreAuthorize("hasPermission('canReadSomeResource')")
Is there an easy way to accomplish this? 有没有简单的方法可以做到这一点? I basically just want to specify the permission that is needed in order to call a method, rather than a resource and a permission.
我基本上只想指定调用方法所需的权限,而不是资源和权限。
The specific purpose of hasPermission()
is to check whether a user is authorized to execute an operation on a particular domain object. hasPermission()
的特定目的是检查用户是否有权在特定域对象上执行操作。 If you're wanting to just check whether a user has a certain general-purpose authority, you should use hasRole()
. 如果只想检查用户是否具有某种通用权限,则应使用
hasRole()
。
I think you need hasAuthority('canReadSomeResource')
that checks the user authority to access a resource. 我认为您需要
hasAuthority('canReadSomeResource')
检查用户访问资源的权限。
@PreAuthorize("hasAuthority('canReadSomeResource')")
public void myMethod(){
...
}
That authority ( canReadSomeResource
) can be provided to the spring security by implementing UserDetailsService
interface. 通过实现
UserDetailsService
接口,可以将权限( canReadSomeResource
)提供给Spring安全。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.