Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/spring/12.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
可以在Spring SecurityMetadataSource上使用表达式吗?_Spring_Spring Security - Fatal编程技术网
Fatal编程技术网
  • spring/
  • 可以在Spring SecurityMetadataSource上使用表达式吗?

可以在Spring SecurityMetadataSource上使用表达式吗?

spring spring-security

可以在Spring SecurityMetadataSource上使用表达式吗?,spring,spring-security,Spring,Spring Security,我想通过数据库管理url授权。所以,我要实现安全元数据源。它是完美的,除了不能用表达 下面是我的代码和xml设置 xml 爪哇 公共类CustomSecurityMetadataSource实现FilterInvocationSecurityMetadataSource{ @凌驾 公共集合getAttributes(对象对象)引发IllegalArgumentException{ FilterInvocation fi=(FilterInvocation)对象; 字符串url=fi.getR

我想通过数据库管理url授权。所以,我要实现安全元数据源。它是完美的,除了不能用表达

下面是我的代码和xml设置

xml
爪哇

公共类CustomSecurityMetadataSource实现FilterInvocationSecurityMetadataSource{
@凌驾
公共集合getAttributes(对象对象)引发IllegalArgumentException{
FilterInvocation fi=(FilterInvocation)对象;
字符串url=fi.getRequestUrl();
HttpServletRequest=fi.getHttpRequest();
//TODO从数据库和缓存获取url授权
字符串[]角色=新字符串[]{“角色\匿名”,“角色\用户”};
返回SecurityConfig.createList(角色);
}
@凌驾
公共集合getAllConfigAttributes(){
返回null;
}
@凌驾
公共布尔支持(类clazz){
返回FilterInvocation.class.isAssignableFrom(clazz);
}
}
我想使用类似于hasAnyRole(“ROLE\u ADMIN”、“ROLE\u USER”)的表达式

如何使用表达式?

您找到解决方案了吗?您找到解决方案了吗? 
<beans:bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
    <beans:property name="authenticationManager" ref="authenticationManager" />
    <beans:property name="accessDecisionManager" ref="accessDecisionManager" />
    <beans:property name="securityMetadataSource" ref="securityMetadataSource" />
</beans:bean>

<beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
    <beans:constructor-arg>
        <beans:list>
            <beans:bean class="org.springframework.security.access.vote.RoleVoter">
                <beans:property name="rolePrefix" value="" />
            </beans:bean>
        </beans:list>
    </beans:constructor-arg>
    <beans:property name="allowIfAllAbstainDecisions" value="false" />
</beans:bean>

<beans:bean id="securityMetadataSource" class="my.package.CustomSecurityMetadataSource">
</beans:bean>

public class CustomSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {

    @Override
    public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
        FilterInvocation fi = (FilterInvocation) object;

        String url = fi.getRequestUrl();
        HttpServletRequest request = fi.getHttpRequest();

        // TODO get url authorization from db and caching
        String[] roles = new String[] { "ROLE_ANONYMOUS", "ROLE_USER"};
        return SecurityConfig.createList(roles);
    }

    @Override
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return null;
    }

    @Override
    public boolean supports(Class<?> clazz) {
        return FilterInvocation.class.isAssignableFrom(clazz);
    }
}