Do the below two lines behave the same way?
@PreAuthorize("hasPermission(#task, 'MANAGER')
@PreAuthorize("hasPermission(#task, 'manager')
Also, the permission constant is defined as below in the CustomPermission.java
public static final Permission MANAGER = new CustomPermission(1<<7,'M');
Is the permission parameter case-sensitive? Well, yes and no. If the permission is an uppercase String
and you input a lowercase permission, it will work. The opposite won't, though.
I checked Spring's source code. AclPermissionEvaluator
is the default implementation of PermissionEvaluator
, which is the interface that handles the hasPermission()
routine. It tries to find the permission from the original given String
first. If it doesn't find it, it tries again calling toUpperCase()
.
See it for yourself:
if (permission instanceof String) {
String permString = (String) permission;
Permission p;
try {
p = permissionFactory.buildFromName(permString);
}
catch (IllegalArgumentException notfound) {
p = permissionFactory.buildFromName(permString.toUpperCase());
}
if (p != null) {
return Arrays.asList(p);
}
}
Reference:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.