在Spring Security中与hasPermission一起使用时,权限参数是否区分大小写?
[英]Is the permission parameter case-sensitive when using with hasPermission in spring security?
问题描述
Do the below two lines behave the same way? 
以下两行的行为是否相同?
@PreAuthorize("hasPermission(#task, 'MANAGER')
@PreAuthorize("hasPermission(#task, 'manager')
Also, the permission constant is defined as below in the CustomPermission.java 另外,权限常量在CustomPermission.java中定义如下
public static final Permission MANAGER = new CustomPermission(1<<7,'M');
1 个解决方案
解决方案1
1 已采纳 2015-06-29 11:26:00
Is the permission parameter case-sensitive? 权限参数是否区分大小写? Well, yes and no. 好,是的,不是。 If the permission is an uppercase String and you input a lowercase permission, it will work. 如果许可权是大写的String并且您输入了小写的许可权,那么它将起作用。 The opposite won't, though. 相反,不会。
I checked Spring's source code. 我检查了Spring的源代码。 AclPermissionEvaluator is the default implementation of PermissionEvaluator , which is the interface that handles the hasPermission() routine. AclPermissionEvaluator是PermissionEvaluator的默认实现,这是处理hasPermission()例程的接口。 It tries to find the permission from the original given String first. 它尝试首先从原始给定的String查找许可。 If it doesn't find it, it tries again calling toUpperCase() . 如果找不到,它将再次尝试调用toUpperCase() 。
See it for yourself: 亲自查看:
if (permission instanceof String) {
String permString = (String) permission;
Permission p;
try {
p = permissionFactory.buildFromName(permString);
}
catch (IllegalArgumentException notfound) {
p = permissionFactory.buildFromName(permString.toUpperCase());
}
if (p != null) {
return Arrays.asList(p);
}
}
Reference: 参考:
https://github.com/spring-projects/spring-security/blob/7b4a37f27e4ba7045bd63656e49ee0d5ee381ce5/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java https://github.com/spring-projects/spring-security/blob/7b4a37f27e4ba7045bd63656e49ee0d5ee381ce5/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.