@PostFilter 不适用于 Spring @Aspect
[英]@PostFilter does not work with Spring @Aspect
问题描述
I am trying to do something like this:
我正在尝试做这样的事情:
@Component
@Aspect
class CustomAspect {
@Pointcut("within(@com.example.security.Check *)")
public void classAnnotatedWithCheck() {}
@Pointcut("execution(public * *(..))")
public void publicMethod() {}
@Pointcut("publicMethod() && classAnnotatedWithCheck()")
public void publicMethodInsideAClassMarkedWithCheck() {}
@Around(value = "publicMethodInsideAClassMarkedWithCheck()")
public Object execute(ProceedingJoinPoint point) throws Throwable {
return executeWithFilter(point);
}
@PostFilter(value = "hasPermission(filterObject, 'READ')")
private Object executeWithFilter(ProceedingJoinPoint point) throws Throwable {
return point.proceed();
}
}
Aspects work well, but the last method executeWithFilter is done without filtering.方面运作良好,但最后一个方法executeWithFilter是在没有过滤的情况下完成的。 At the same time, filtering works if I add @PostFilter(value = "hasPermission(filterObject, 'READ')") to a regular service method.同时,如果我将@PostFilter(value = "hasPermission(filterObject, 'READ')")添加到常规服务方法中,过滤就会起作用。 Is it even possible to use @PostFilter in aspects?甚至可以在方面使用@PostFilter吗?
1 个解决方案
解决方案1
1 已采纳 2021-01-22 05:43:46
Spring Method Security is AOP based. Spring 方法安全性基于 AOP。
Also, from the Spring AOP reference documentation: Declaring an Aspect此外,来自 Spring AOP 参考文档:Declaring an Aspect
In Spring AOP, aspects themselves cannot be the targets of advice from other aspects.
Security advices should get applied on a bean for providing @PostFilter method security, which is not possible on an aspect.应将安全建议应用于 bean 以提供@PostFilter方法安全性,这在一个方面是不可能的。 In short Spring security will not work on an aspect.简而言之,Spring 安全性在某个方面不起作用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.