Spring security @预授权:实现类中的引用属性
我有服务接口Spring security @预授权:实现类中的引用属性,spring-security,spring-el,Spring Security,Spring El,我有服务接口 public interface CompoundService<T extends Compound> { T getById(final Long id); //... } 这基本上就是这里提到的: 然而,没有一个例子,我也没有真正得到解决方案。那么我应该使用这个?或者如上所述的#根目录。这个 我的第二个问题是,由于这是一个将由代理(来自spring)实现的接口,Expressionthis.compoundClass是否实际正确计算 最后但
public interface CompoundService<T extends Compound> {
T getById(final Long id);
//...
}
这个?或者如上所述的#根目录。这个
我的第二个问题是,由于这是一个将由代理(来自spring)实现的接口,Expressionthis.compoundClass
是否实际正确计算
最后但并非最不重要的是,我如何才能真正测试这个*
*
我实际上并不是在创建一个完成的应用程序,而是一些可配置的东西,比如一个用于特定类型数据库搜索的框架。这意味着大多数授权和身份验证都必须来自实现者
单元测试
看
由于这是一个旧教程,您可能需要更改引用的模式版本。但更重要的是,此处显示的SecurityContext.xml配置不适用于SpringSecurity3。有关正确的配置,请参阅
我不需要上述依赖项:
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjweaver</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core-tiger</artifactId>
</dependency>
她的服务实现了上述抽象服务:
public class TestCompoundServiceImpl extends CompoundServiceImpl<TestCompound>
implements TestCompoundService {
//...
public TestCompoundServiceImpl() {
super(TestCompound.class);
}
//...
}
对于上面的示例,表达式将计算为一个名为“read_testcomponent”的角色
完成了
通常情况下,解决方案非常简单,但要做到这一点需要一个PITA
编辑:
对于测试类的完整性:
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = {
"classpath:ApplicationContext.xml",
"classpath:SecurityContext.xml"
})
public class CompoundServiceSecurityTest {
@Autowired
@Qualifier("testCompoundService")
private TestCompoundService testCompoundService;
public CompoundServiceSecurityTest() {
}
@Before
public void setUp() {
SecurityContextHolder.getContext().setAuthentication(
new UsernamePasswordAuthenticationToken("user_test", "pass1"));
}
@Test
public void testGetById() {
System.out.println("getById");
Long id = 1000L;
TestCompound expResult = new TestCompound(id, "Test Compound");
TestCompound result = testCompoundService.getById(id);
assertEquals(expResult, result);
}
}
Public abstract class CompoundServiceImpl<T extends Compound>
implements CompoundService<T> {
private String compoundClassSimpleName;
//...
public ChemicalCompoundServiceImpl(Class<T> compoundClass) {
this.compoundClass = compoundClass;
this.compoundClassSimpleName = compoundClass.getSimpleName();
}
//...
public String getCompoundClassSimpleName(){
return compoundClassSimpleName;
}
}
public class TestCompoundServiceImpl extends CompoundServiceImpl<TestCompound>
implements TestCompoundService {
//...
public TestCompoundServiceImpl() {
super(TestCompound.class);
}
//...
}
public interface CompoundService<T extends Compound> {
@PreAuthorize("hasRole('read_' + #root.this.getCompoundClassSimpleName())")
public T getById(final Long id);
}
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = {
"classpath:ApplicationContext.xml",
"classpath:SecurityContext.xml"
})
public class CompoundServiceSecurityTest {
@Autowired
@Qualifier("testCompoundService")
private TestCompoundService testCompoundService;
public CompoundServiceSecurityTest() {
}
@Before
public void setUp() {
SecurityContextHolder.getContext().setAuthentication(
new UsernamePasswordAuthenticationToken("user_test", "pass1"));
}
@Test
public void testGetById() {
System.out.println("getById");
Long id = 1000L;
TestCompound expResult = new TestCompound(id, "Test Compound");
TestCompound result = testCompoundService.getById(id);
assertEquals(expResult, result);
}
}