Bypass Spring Security @preauthorize
Question
I'm calling the following method from the web layer throw a logged in user that has the attached permission:
@PreAuthorize("hasRole('list_users_permission')")
public List<UserDto> getAllUsers() {
........
}
But now I want to call it through a scheduler job, which means that I haven't a logged in user.
Is there a way to bypass this annotation @PreAuthorize("hasRole('list_users_permission')") or to create a virtual user with all the needed permissions ?
1 answers
solution1
2 ACCPTED 2013-10-07 22:12:02
First, make getAllUsers() delegate to a non-secured method:
@PreAuthorize("hasRole('list_users_permission')")
public List<UserDto> getAllUsers() {
return doGetAllUsers();
}
public List<UserDto> doGetAllUsers() {
...
}
Then make the scheduled code invoke doGetAllUsers() .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Spring Security @PreAuthorize ByPass for specifc role
Spring Security @PreAuthorize
Spring security @PreAuthorize(“hasAnyRole('…')”)
Spring security - @PreAuthorize not working
@Preauthorize Spring Security dynamic
Spring security use of @PreAuthorize
Spring Security @PreAuthorize or @PreFilter
Spring Security @PreAuthorize for validation of controller
@PreAuthorize annotation not working spring security
Spring Security @PreAuthorize- ProviderNotFoundException
Related Tags