[英]@PostFilter does not work with Spring @Aspect
I am trying to do something like this:我正在尝试做这样的事情:
@Component
@Aspect
class CustomAspect {
@Pointcut("within(@com.example.security.Check *)")
public void classAnnotatedWithCheck() {}
@Pointcut("execution(public * *(..))")
public void publicMethod() {}
@Pointcut("publicMethod() && classAnnotatedWithCheck()")
public void publicMethodInsideAClassMarkedWithCheck() {}
@Around(value = "publicMethodInsideAClassMarkedWithCheck()")
public Object execute(ProceedingJoinPoint point) throws Throwable {
return executeWithFilter(point);
}
@PostFilter(value = "hasPermission(filterObject, 'READ')")
private Object executeWithFilter(ProceedingJoinPoint point) throws Throwable {
return point.proceed();
}
}
Aspects work well, but the last method executeWithFilter
is done without filtering.方面运作良好,但最后一个方法
executeWithFilter
是在没有过滤的情况下完成的。 At the same time, filtering works if I add @PostFilter(value = "hasPermission(filterObject, 'READ')")
to a regular service method.同时,如果我将
@PostFilter(value = "hasPermission(filterObject, 'READ')")
添加到常规服务方法中,过滤就会起作用。 Is it even possible to use @PostFilter
in aspects?甚至可以在方面使用
@PostFilter
吗?
Spring Method Security is AOP based. Spring 方法安全性基于 AOP。
Also, from the Spring AOP reference documentation: Declaring an Aspect此外,来自 Spring AOP 参考文档:Declaring an Aspect
In Spring AOP, aspects themselves cannot be the targets of advice from other aspects.
在 Spring AOP 中,切面本身不能成为其他切面建议的目标。 The @Aspect annotation on a class marks it as an aspect and, hence, excludes it from auto-proxying.
class 上的 @Aspect 注释将其标记为方面,因此将其排除在自动代理之外。
Security advices should get applied on a bean for providing @PostFilter
method security, which is not possible on an aspect.应将安全建议应用于 bean 以提供
@PostFilter
方法安全性,这在一个方面是不可能的。 In short Spring security will not work on an aspect.简而言之,Spring 安全性在某个方面不起作用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.