I'm calling the following method from the web layer throw a logged in user that has the attached permission:
@PreAuthorize("hasRole('list_users_permission')")
public List<UserDto> getAllUsers() {
........
}
But now I want to call it through a scheduler job, which means that I haven't a logged in user.
Is there a way to bypass this annotation @PreAuthorize("hasRole('list_users_permission')") or to create a virtual user with all the needed permissions ?
First, make getAllUsers()
delegate to a non-secured method:
@PreAuthorize("hasRole('list_users_permission')")
public List<UserDto> getAllUsers() {
return doGetAllUsers();
}
public List<UserDto> doGetAllUsers() {
...
}
Then make the scheduled code invoke doGetAllUsers()
.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.