Java Spring安全性：如何使用@RoleAllowed和@RequestBody_Java_Spring Boot_Spring Security

Java Spring安全性：如何使用@RoleAllowed和@RequestBody

java spring-boot spring-security

Java Spring安全性：如何使用@RoleAllowed和@RequestBody,java,spring-boot,spring-security,Java,Spring Boot,Spring Security,我有这样一种方法： @RolesAllowed("ROLE_A") @RequestMapping(value = "/", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE) public MRSData modifyMarketData(@RequestBody RequestObject body){ return

我有这样一种方法：

@RolesAllowed("ROLE_A")
@RequestMapping(value = "/",
        method = RequestMethod.POST,
        produces = MediaType.APPLICATION_JSON_VALUE)
public MRSData modifyMarketData(@RequestBody RequestObject body){
    return repository.save(collection, body);
}

@Document
@Data
public class RequestObject {
    @Id
    @JsonInclude(JsonInclude.Include.NON_NULL)
    private String _id;
    private Object metadata;
    private Object body;
}

{
    "_id": "5f4ba6b3d93a8c1452f596a0",
    "metadata": {
        "data_type":"A" 
    }
}

请求如下所示：

@RolesAllowed("ROLE_A")
@RequestMapping(value = "/",
        method = RequestMethod.POST,
        produces = MediaType.APPLICATION_JSON_VALUE)
public MRSData modifyMarketData(@RequestBody RequestObject body){
    return repository.save(collection, body);
}

@Document
@Data
public class RequestObject {
    @Id
    @JsonInclude(JsonInclude.Include.NON_NULL)
    private String _id;
    private Object metadata;
    private Object body;
}

{
    "_id": "5f4ba6b3d93a8c1452f596a0",
    "metadata": {
        "data_type":"A" 
    }
}

现在只允许某些角色访问数据\u type=A

我想使用@RolesAllowed或等效工具来阻止基于@RequestBody的请求

我应该如何做到这一点

提前发送

如果要根据请求值进行筛选，可以使用@PreAuthorize

文件：

一些例子：

旧答案：

您可以使用@PostAuthorize或@PostFilter根据方法的返回值限制访问。

我想根据RequestValue@spattanaik75啊，对不起。编辑了我的答案