可以在Spring SecurityMetadataSource上使用表达式吗?
我想通过数据库管理url授权。所以,我要实现安全元数据源。它是完美的,除了不能用表达 下面是我的代码和xml设置 xml可以在Spring SecurityMetadataSource上使用表达式吗?,spring,spring-security,Spring,Spring Security,我想通过数据库管理url授权。所以,我要实现安全元数据源。它是完美的,除了不能用表达 下面是我的代码和xml设置 xml 爪哇 公共类CustomSecurityMetadataSource实现FilterInvocationSecurityMetadataSource{ @凌驾 公共集合getAttributes(对象对象)引发IllegalArgumentException{ FilterInvocation fi=(FilterInvocation)对象; 字符串url=fi.getR
爪哇
公共类CustomSecurityMetadataSource实现FilterInvocationSecurityMetadataSource{
@凌驾
公共集合getAttributes(对象对象)引发IllegalArgumentException{
FilterInvocation fi=(FilterInvocation)对象;
字符串url=fi.getRequestUrl();
HttpServletRequest=fi.getHttpRequest();
//TODO从数据库和缓存获取url授权
字符串[]角色=新字符串[]{“角色\匿名”,“角色\用户”};
返回SecurityConfig.createList(角色);
}
@凌驾
公共集合getAllConfigAttributes(){
返回null;
}
@凌驾
公共布尔支持(类clazz){
返回FilterInvocation.class.isAssignableFrom(clazz);
}
}
我想使用类似于hasAnyRole(“ROLE\u ADMIN”、“ROLE\u USER”)的表达式
如何使用表达式?您找到解决方案了吗?您找到解决方案了吗?
<beans:bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="accessDecisionManager" ref="accessDecisionManager" />
<beans:property name="securityMetadataSource" ref="securityMetadataSource" />
</beans:bean>
<beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
<beans:constructor-arg>
<beans:list>
<beans:bean class="org.springframework.security.access.vote.RoleVoter">
<beans:property name="rolePrefix" value="" />
</beans:bean>
</beans:list>
</beans:constructor-arg>
<beans:property name="allowIfAllAbstainDecisions" value="false" />
</beans:bean>
<beans:bean id="securityMetadataSource" class="my.package.CustomSecurityMetadataSource">
</beans:bean>
public class CustomSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
@Override
public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
FilterInvocation fi = (FilterInvocation) object;
String url = fi.getRequestUrl();
HttpServletRequest request = fi.getHttpRequest();
// TODO get url authorization from db and caching
String[] roles = new String[] { "ROLE_ANONYMOUS", "ROLE_USER"};
return SecurityConfig.createList(roles);
}
@Override
public Collection<ConfigAttribute> getAllConfigAttributes() {
return null;
}
@Override
public boolean supports(Class<?> clazz) {
return FilterInvocation.class.isAssignableFrom(clazz);
}
}