[英]Allowing access for specific users in Spring Security
I'm using Spring Security to Secure my Web App. 我正在使用Spring Security保护我的Web应用程序。 I have a page where I show
foo
objects for administrators. 我有一个页面,其中向管理员显示
foo
对象。
<intercept-url pattern="/show_foo/**" access="hasRole('ROLE_ADMIN')" />
But now I have a requirement that a foo
cannot be seen by all the Administrators, for example only administrators with city="New York" can access to the element. 但是现在我要求所有管理员都不能看到
foo
,例如,只有具有city =“ New York”的管理员才能访问该元素。
I've did something in my controller to solve this : 我在控制器中做了一些事情来解决这个问题:
@RequestMapping(method=RequestMethod.GET,value="/show_foo"
public ModelAndView showfunction(Principal user)
{
User user2 = userService.getUserByName(user.getName());
if(/* some checks on user2 */)
/* show page */
else
/* show error page*/
}
So my question is : can I avoid the database call, because I need this almost in all of my pages and I find it ugly to check each time at the top of any controller the same thing over and over. 所以我的问题是:我可以避免数据库调用,因为我几乎在所有页面中都需要这样做,并且发现每次在任何控制器的顶部反复检查同一件事是很难的。 Is there a Spring Security feature for this kind of use cases?.
这种用例是否具有Spring Security功能?
With Expression based rules you can accesss principal even on rule. 使用基于表达式的规则,您甚至可以按规则访问主体。 See: http://docs.spring.io/spring-security/site/docs/3.0.x/reference/el-access.html
请参阅: http : //docs.spring.io/spring-security/site/docs/3.0.x/reference/el-access.html
For example if you can include needed information on principal object. 例如,如果您可以在主体对象上包括所需的信息。
<intercept-url pattern="/show_foo/**" access="hasRole('ROLE_ADMIN') and principal.name=='xyzzy' " />
you have to put in some logic. 您必须提出一些逻辑。
1.) Either load the user and country mapping and store somewhere in Static
HashMap
, remember to update the map if any changes done in mapping, can store same at session level. 1.)加载用户和国家/地区地图,并将其存储在
Static
HashMap
某个位置,如果在地图中进行的任何更改都可以在会话级进行存储,请记住更新地图。
2.) Load entries in 2nd level cache,
or make queries cacheable, enable query caching
as well. 2.)将条目加载到
2nd level cache,
或使查询可缓存,也启用query caching
。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.