[英]Is the permission parameter case-sensitive when using with hasPermission in spring security?
Do the below two lines behave the same way? 以下两行的行为是否相同?
@PreAuthorize("hasPermission(#task, 'MANAGER')
@PreAuthorize("hasPermission(#task, 'manager')
Also, the permission constant is defined as below in the CustomPermission.java 另外,权限常量在CustomPermission.java中定义如下
public static final Permission MANAGER = new CustomPermission(1<<7,'M');
Is the permission parameter case-sensitive? 权限参数是否区分大小写? Well, yes and no.
好,是的,不是。 If the permission is an uppercase
String
and you input a lowercase permission, it will work. 如果许可权是大写的
String
并且您输入了小写的许可权,那么它将起作用。 The opposite won't, though. 相反,不会。
I checked Spring's source code. 我检查了Spring的源代码。
AclPermissionEvaluator
is the default implementation of PermissionEvaluator
, which is the interface that handles the hasPermission()
routine. AclPermissionEvaluator
是PermissionEvaluator
的默认实现,这是处理hasPermission()
例程的接口。 It tries to find the permission from the original given String
first. 它尝试首先从原始给定的
String
查找许可。 If it doesn't find it, it tries again calling toUpperCase()
. 如果找不到,它将再次尝试调用
toUpperCase()
。
See it for yourself: 亲自查看:
if (permission instanceof String) {
String permString = (String) permission;
Permission p;
try {
p = permissionFactory.buildFromName(permString);
}
catch (IllegalArgumentException notfound) {
p = permissionFactory.buildFromName(permString.toUpperCase());
}
if (p != null) {
return Arrays.asList(p);
}
}
Reference: 参考:
https://github.com/spring-projects/spring-security/blob/7b4a37f27e4ba7045bd63656e49ee0d5ee381ce5/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java https://github.com/spring-projects/spring-security/blob/7b4a37f27e4ba7045bd63656e49ee0d5ee381ce5/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.