Spring SPEL对象引用无法“取消引用”方法输入参数对象
[英]Spring SPEL object reference failing to “dereference” method input argument object
问题描述
I am using Spring Security (version 4.0.3.RELEASE) with ACL's-level permissions - I am trying to apply PreAuthorize ACL's permissions to a delete method in my CrudRepository interface using the @PreAuthorize annotation with a call to the SPEL method "hasPermission" (see below). 
我正在使用具有ACL级别权限的Spring Security(版本4.0.3.RELEASE)-我正在尝试使用@PreAuthorize批注并调用SPEL方法“ hasPermission”,将PreAuthorize ACL的权限应用于CrudRepository接口中的delete方法。 (见下文)。 The hasPermission is referencing the input argument using the hash notation that I've seen in several forums, tutorials, and reference docs, but the input argument (the object that I want to delete) is not being picked up by the SPEL parser or supporting framework. hasPermission正在使用我在几个论坛,教程和参考文档中看到的哈希符号引用输入参数,但是SPEL解析器或支持未使用输入参数(我要删除的对象)框架。 So, in other words, I want to delete the object named "apiKey" which is the input argument below. 因此,换句话说,我想删除名为“ apiKey”的对象,这是下面的输入参数。 I reference it in the SPEL annotation using "#apiKey" but when I put a breakpoint in the method org.springframework.security.acls.AclPermissionEvaluator.hasPermission(...) the "domainObject" input argument is NULL. 我在SPEL批注中使用“ #apiKey”引用了它,但是当我在org.springframework.security.acls.AclPermissionEvaluator.hasPermission(...)方法中设置断点时,“ domainObject”输入参数为NULL。
I'm pretty new to Spring and ACL's so I must be doing something fundamentally wrong. 我对Spring和ACL还是很陌生,所以我必须做一些根本错误的事情。 I've tried putting breakpoints in the Spring SPEL Parser and walking through during runtime, but I can't find the piece of the code that resolves the reflective arguments based on the SPEL token. 我曾尝试在Spring SPEL解析器中放置断点并在运行时进行遍历,但是我找不到基于SPEL令牌解析反射参数的代码。 I think it's "hidden" in a native method or something. 我认为它在本机方法中是“隐藏的”。
I've also tried fiddling with the SPEL reference syntax. 我还尝试摆弄SPEL参考语法。 Nothing else seems to parse correctly, so I think the "#argument_name" is the correct syntax - it's just that SPEL fails to dereference the argument object. 似乎没有其他东西可以正确解析,所以我认为“ #argument_name”是正确的语法-只是SPEL无法取消引用参数对象。
My CrudRepository code w/ the object reference ("#apiKey") that isn't working: 我的CrudRepository代码带有对象引用(“ #apiKey”)不起作用:
public interface ApiKeyRepository extends CrudRepository<ApiKey, Long> {
@Override
@PreAuthorize("hasPermission(#apiKey, 'DELETE')")
void delete(ApiKey apiKey);
}
Spring Security code which should be receiving my apiKey object, but instead is getting a NULL value for the domainObject: Spring Security代码应该接收我的apiKey对象,但是正在为domainObject获取NULL值:
public class AclPermissionEvaluator implements PermissionEvaluator {
...
public boolean hasPermission(Authentication authentication, Object domainObject, Object permission) {
if (domainObject == null) {
return false; //<== This is where I'm getting access denied from
}
...
Any ideas as to why SPEL is unable to properly reference by apiKey input argument? 关于SPEL为什么无法通过apiKey输入参数正确引用的任何想法? Thanks in advance. 提前致谢。
1 个解决方案
解决方案1
0 2016-05-31 19:36:11
I figured out my problem thanks to THIS POST which referenced THIS DOC : 我想出了我的问题,这要归功于THIS POST引用了此DOC :
Apparently you can't make object references to method arguments in an interface without using the @Param annotation on the arg. 显然,如果不使用arg上的@Param批注,就无法对接口中的方法参数进行对象引用。 So, here is my updated code that fixes the issue: 因此,这是我更新的代码来解决此问题:
public interface ApiKeyRepository extends CrudRepository<ApiKey, Long> {
@Override
@PreAuthorize("hasPermission(#apiKey, 'DELETE')")
void delete(@Param("apiKey") ApiKey apiKey);
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.