Java Spring安全性:如何使用@RoleAllowed和@RequestBody
我有这样一种方法:Java Spring安全性:如何使用@RoleAllowed和@RequestBody,java,spring-boot,spring-security,Java,Spring Boot,Spring Security,我有这样一种方法: @RolesAllowed("ROLE_A") @RequestMapping(value = "/", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE) public MRSData modifyMarketData(@RequestBody RequestObject body){ return
@RolesAllowed("ROLE_A")
@RequestMapping(value = "/",
method = RequestMethod.POST,
produces = MediaType.APPLICATION_JSON_VALUE)
public MRSData modifyMarketData(@RequestBody RequestObject body){
return repository.save(collection, body);
}
@Document
@Data
public class RequestObject {
@Id
@JsonInclude(JsonInclude.Include.NON_NULL)
private String _id;
private Object metadata;
private Object body;
}
{
"_id": "5f4ba6b3d93a8c1452f596a0",
"metadata": {
"data_type":"A"
}
}
请求如下所示:
@RolesAllowed("ROLE_A")
@RequestMapping(value = "/",
method = RequestMethod.POST,
produces = MediaType.APPLICATION_JSON_VALUE)
public MRSData modifyMarketData(@RequestBody RequestObject body){
return repository.save(collection, body);
}
@Document
@Data
public class RequestObject {
@Id
@JsonInclude(JsonInclude.Include.NON_NULL)
private String _id;
private Object metadata;
private Object body;
}
{
"_id": "5f4ba6b3d93a8c1452f596a0",
"metadata": {
"data_type":"A"
}
}
现在只允许某些角色访问数据\u type=A
我想使用@RolesAllowed或等效工具来阻止基于@RequestBody的请求
我应该如何做到这一点
提前发送如果要根据请求值进行筛选,可以使用@PreAuthorize 文件: 一些例子: 旧答案:
您可以使用@PostAuthorize或@PostFilter根据方法的返回值限制访问。我想根据RequestValue@spattanaik75啊,对不起。编辑了我的答案