
Is the permission parameter case-sensitive when using with hasPermission in spring security?

Do the below two lines behave the same way?

@PreAuthorize("hasPermission(#task, 'MANAGER')")

@PreAuthorize("hasPermission(#task, 'manager')")

Also, the permission constant is defined as below in the CustomPermission.java

 public static final Permission MANAGER    = new CustomPermission(1<<7,'M');

Is the permission parameter case-sensitive? Well, yes and no. If the permission is an uppercase String and you input a lowercase permission, it will work. The opposite won't, though.

I checked Spring's source code. AclPermissionEvaluator is the default implementation of PermissionEvaluator, which is the interface that handles the hasPermission() routine. It tries to find the permission from the original given String first. If it doesn't find it, it tries again calling toUpperCase().

See it for yourself:

if (permission instanceof String) {
    String permString = (String) permission;
    Permission p;

    try {
        p = permissionFactory.buildFromName(permString);
    }
    catch (IllegalArgumentException notfound) {
        p = permissionFactory.buildFromName(permString.toUpperCase());
    }

    if (p != null) {
        return Arrays.asList(p);
    }

}

Reference:

https://github.com/spring-projects/spring-security/blob/7b4a37f27e4ba7045bd63656e49ee0d5ee381ce5/acl/src/main/java/org/springframework/security/acls/AclPermissionEvaluator.java
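The lookup order described in the answer can be exercised directly against Spring's DefaultPermissionFactory. This is an added example, not code from the original post or from Spring: the nested CustomPermission is a stand-in assumed to extend AbstractPermission, the lowercase "auditor" name is constructed for the demo, and resolve() is a hypothetical helper that copies the try/catch shown above. It needs spring-security-acl on the classpath.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.springframework.security.acls.domain.AbstractPermission;
import org.springframework.security.acls.domain.DefaultPermissionFactory;
import org.springframework.security.acls.domain.PermissionFactory;
import org.springframework.security.acls.model.Permission;

public class PermissionCaseDemo {

    // Stand-in for the question's CustomPermission (assumed to extend AbstractPermission).
    static class CustomPermission extends AbstractPermission {
        CustomPermission(int mask, char code) { super(mask, code); }
    }

    // Same lookup order as the String branch quoted above: exact name first,
    // then one retry with the upper-cased name.
    static Permission resolve(PermissionFactory factory, String name) {
        try {
            return factory.buildFromName(name);
        } catch (IllegalArgumentException notFound) {
            return factory.buildFromName(name.toUpperCase());
        }
    }

    public static void main(String[] args) {
        Map<String, Permission> named = new LinkedHashMap<>();
        named.put("MANAGER", new CustomPermission(1 << 7, 'M'));  // name from the question
        named.put("auditor", new CustomPermission(1 << 8, 'U'));  // constructed lowercase name
        PermissionFactory factory = new DefaultPermissionFactory(named);

        // Registered names are matched exactly; only the input is upper-cased on retry.
        for (String input : new String[] {"MANAGER", "manager", "Manager", "auditor", "AUDITOR"}) {
            try {
                Permission p = resolve(factory, input);
                System.out.println(input + " -> resolved, mask=" + p.getMask());
            } catch (IllegalArgumentException e) {
                // Both the exact and the upper-cased lookup missed.
                System.out.println(input + " -> not resolved");
            }
        }
    }
}
```

Only "AUDITOR" fails here, because the retry upper-cases the input and never lower-cases it. Registering permission names in uppercase keeps every @PreAuthorize spelling resolving to the same permission.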
