Java 将@HandleBeforeSave方法添加到@RepositoryEventHandler类将从RESTAPI中删除底层@Entry
问题 我正在使用Java 将@HandleBeforeSave方法添加到@RepositoryEventHandler类将从RESTAPI中删除底层@Entry,java,spring,rest,spring-mvc,spring-data-rest,Java,Spring,Rest,Spring Mvc,Spring Data Rest,问题 我正在使用spring,在此过程中,我添加了一个@RepositoryEventHandler(User.class),用于在修改用户时进行更新(PUT) 我希望能够设置谁正在对用户进行编辑 我创建了一个@handlebeforesereal,它可以很好地用于HTTP POST,但只要我添加@handlebeforeseave,用户REST API就不再可用。我没有看到正在创建的堆栈跟踪 问题 @Configuration @EnableWebSecurity @EnableGlobalM
spring
,在此过程中,我添加了一个@RepositoryEventHandler(User.class)
,用于在修改用户时进行更新(PUT)
我希望能够设置谁正在对用户进行编辑
我创建了一个@handlebeforesereal
,它可以很好地用于HTTP POST,但只要我添加@handlebeforeseave
,用户
REST API就不再可用。我没有看到正在创建的堆栈跟踪
问题
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private SpringDataJpaUserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(this.userDetailsService)
.passwordEncoder(MCBPasswordEncoder.PASSWORD_ENCODER);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/built/**", "/main.css").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.defaultSuccessUrl("/", true)
.permitAll()
.and()
.httpBasic()
.and()
.csrf().disable() // TODO enable for production
.logout()
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")
.logoutSuccessUrl("/");
}
}
在创建@handlebeforestave
@RepositoryEventHandler
@Component
@RepositoryEventHandler(User.class)
public class SpringDataRestEventHandler {
private final UserRepository userRepository;
@Autowired
public SpringDataRestEventHandler(UserRepository userRepository) {
this.userRepository = userRepository;
}
@HandleBeforeCreate
public void applyUserInformationUsingSecurityContext(User user) throws {
String name = SecurityContextHolder.getContext().getAuthentication().getName();
User manager = this.userRepository.findByUserName(name);
if (!manager.hasRole("ROLE_MANAGER")) {
throw new Exception("No manager found for user on applyUserInformationUsingSecurityContext.");
}
user.setManager(name);
}
@HandleBeforeSave
public void applyManagerFromSecurityContext(User user) {
System.out.println("calling before save");
}
}
证券配置
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private SpringDataJpaUserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(this.userDetailsService)
.passwordEncoder(MCBPasswordEncoder.PASSWORD_ENCODER);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/built/**", "/main.css").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.defaultSuccessUrl("/", true)
.permitAll()
.and()
.httpBasic()
.and()
.csrf().disable() // TODO enable for production
.logout()
.invalidateHttpSession(true)
.deleteCookies("JSESSIONID")
.logoutSuccessUrl("/");
}
}
最后,问题实际上与我为用户
@实体创建的两个存储库有关。我得到了奇怪的结果,API会出现(一次回购)而消失(另一次回购)
从那以后,我已通过
- 只使用一个repo而不是两个Extend Repository
JPARepository
- 从PagingAndSortingRepository复制并粘贴我需要的方法李>
- 将@PreAuthorize相应地添加到特定方法中,而不是添加到
这个班。当我想在restapi之外操作repo时,这是最初的问题
Minor:方法hasRole不需要其参数具有ROLE_uu前缀。检查@