自定义权限评估器
[英]Custom Permission Evaluator
问题描述
I'm trying to override the default permission evaluator in Spring Security 3.0, but no matter what I do, the permission elevator is ignored and the default, DenyAllPermissionEvaluator is invoked instead. 
我试图覆盖Spring Security 3.0中的默认权限评估器,但是无论我做什么,都会忽略权限提升器, DenyAllPermissionEvaluator调用默认值DenyAllPermissionEvaluator 。
I'm using programmatic configuration, and I've tried setting the permission evaluator by overriding the configure(WebSecurity) and configure(Http) methods of the WebSecurityConfigurerAdapter class, but this doesn't help much. 我正在使用编程配置,并且尝试通过覆盖WebSecurityConfigurerAdapter类的configure(WebSecurity)和configure(Http)方法来设置权限评估WebSecurityConfigurerAdapter ,但这没有太大帮助。
What is the proper way of setting a custom permission evaluator that will actually be used by Spring Security? 设置将由Spring Security实际使用的自定义权限评估程序的正确方法是什么?
1 个解决方案
解决方案1
0 2014-01-10 09:39:20
Using xml conf 使用xml conf
<security:global-method-security secured-annotations="enabled" pre-post-annotations="enabled">
<security:expression-handler ref="methodSecurityExpressionHandler"/>
</security:global-method-security>
<bean id="methodSecurityExpressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
<property name="permissionEvaluator" ref="defaultPermissionEvaluator"/>
</bean>
and then simply define your bean like normal : 然后像正常一样简单地定义您的bean:
<bean id="defaultPermissionEvaluator" class="com.your.class.implements.permissionevaluator"/>
haven't done with java conf (am I the only person still using xml conf?), but shouldn't be to hard to convert from the above. 尚未完成java conf(我是唯一仍在使用xml conf的人吗?),但不应该很难从以上转换。 And make sure you are defining in the correct place, which in most situations is the root context, hwoever we did it in the web context, so as to secure the controllers 并确保您在正确的位置(在大多数情况下是根上下文)中进行定义,而无论我们是在Web上下文中进行定义,以确保控制器安全
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.