Spring @PreAuthorize 将 null 传递给服务
我在使用 @PreAuthorize 以及一个用来检查指定用户是否可以访问所查找项目的服务时遇到了问题。获取项目的接口 callDistributionRequest 工作正常:@PreAuthorize 接收并传递了正确的 distId。另一个接口 updateDistributionRequestExportFileName 同样拿到了正确的 distId,并把它传给了 distributionRequestService;但在方法 userBelongsToRecipientOfTheDistributionRequest 中,distId 却是 null。带有这两个 web 服务的 Spring RestController:
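/**
 * REST endpoints for reading a distribution request and for updating its export file name.
 *
 * <p>No authorization check is visible in this class. Both handlers delegate to
 * {@code DistributionRequestService}, so access control depends entirely on what that
 * service enforces.
 */
@RestController
@RequestMapping(produces = MediaType.APPLICATION_JSON_UTF8_VALUE)
public class DistributionRequestRESTController {
    // NOTE(review): the service is wired twice (field and constructor); one of the two is enough.
    @Autowired
    private @Getter @Setter DistributionRequestService distributionRequestService;
    private final Logger log = LoggerFactory.getLogger(this.getClass());
    private String logResponse = " - response: ";

    @Autowired
    public DistributionRequestRESTController(DistributionRequestService distributionRequestService) {
        this.distributionRequestService = distributionRequestService;
    }

    /**
     * Looks up a distribution request by the id taken from the URL path.
     *
     * @param distId id of the distribution request
     * @return whatever {@code distributionRequestService.findOne} returns for that id
     */
    // The mapping declares no HTTP method, so it is not restricted to GET.
    @RequestMapping(value = Consts.URLDISTRIBUTIONREQUEST + Consts.URLDISTREQID)
    public DistributionRequest callDistributionRequest(@PathVariable long distId) {
        String loginfo = "get distribution with id: " + distId;
        DistributionRequest found = distributionRequestService.findOne(distId);
        // NOTE(review): the whole entity is serialized into the INFO log; confirm it holds
        // nothing that should stay out of log files.
        log.info(loginfo + logResponse + JSONParser.toJsonString(found));
        return found;
    }

    /**
     * Replaces the export file name of a distribution request.
     *
     * @param distId   id of the distribution request, taken from the URL path
     * @param fileName new file name, taken verbatim from the request body
     * @param user     authenticated principal; {@code getUsername()} is called on it before
     *                 the update is attempted, so a {@code null} principal fails here
     * @return whatever {@code distributionRequestService.updateExportFilename} returns
     */
    @RequestMapping(method = RequestMethod.POST, value = Consts.URLDISTRIBUTIONREQUEST + Consts.URLDISTREQID + Consts.URLUPDATE + Consts.URLFILENAME)
    public DistributionRequest updateDistributionRequestExportFileName(
            @PathVariable long distId,
            @RequestBody String fileName,
            @AuthenticationPrincipal UserDetails user) {
        // The body is caller-controlled: neutralize line breaks before it reaches the log so
        // a request cannot forge additional log entries. The service still gets the raw value.
        String loginfo = user.getUsername() + " try to update filename with : " + singleLine(fileName);
        DistributionRequest updated =
                distributionRequestService.updateExportFilename(distId, fileName);
        log.info(loginfo + logResponse + JSONParser.toJsonString(updated));
        return updated;
    }

    /** Returns {@code value} with CR and LF replaced by underscores; {@code null} stays {@code null}. */
    private static String singleLine(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}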
服务接口:
/**
 * Service contract as posted in the question. Both methods carry the same
 * {@code @PreAuthorize} expression: an authority check followed by an ownership check on
 * the {@code distributionRequestOwnerService} bean.
 *
 * <p>The expression refers to the method argument by name ({@code #distId}). The question
 * reports that the ownership check received {@code null} for it on the update path.
 * NOTE(review): presumably the parameter name cannot be discovered for these interface
 * methods, since no parameter carries an explicit name annotation; confirm whether the
 * build keeps parameter names.
 */
public interface DistributionRequestService {

    /** Returns the distribution request with the given id, subject to the guard above. */
    @PreAuthorize("hasAnyAuthority('USER', 'ADMIN') and @distributionRequestOwnerService.userBelongsToRecipientOfTheDistributionRequest(#distId)")
    DistributionRequest findOne(Long distId);

    /** Sets the export file name of the given distribution request, subject to the same guard. */
    @PreAuthorize("hasAnyAuthority('USER', 'ADMIN') and @distributionRequestOwnerService.userBelongsToRecipientOfTheDistributionRequest(#distId)")
    DistributionRequest updateExportFilename(Long distId, String filename);
}
以及检查用户是否可以访问搜索项的类
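/**
 * Ownership check used from {@code @PreAuthorize} expressions under the bean name
 * {@code distributionRequestOwnerService}.
 *
 * <p>The check never returns {@code false}: it returns {@code true} on a match and throws
 * {@code AercacheWSException} otherwise, so a missing element and a missing permission are
 * reported identically.
 */
@Service(value = "distributionRequestOwnerService")
public class DistributionRequestOwnerServiceImpl implements DistributionRequestOwnerService {
    @Autowired
    private AccountService accountService;
    @Autowired
    private DistributionRequestsRepository distributionRequestsRepository;

    /**
     * Checks the distribution request against the current user.
     *
     * @param distId id of the distribution request
     * @return {@code true} when the current user's recipient matches the request's recipient
     */
    @Override
    public boolean userBelongsToRecipientOfTheDistributionRequest(Long distId) {
        // A null username selects the current user in the two-argument overload.
        return userBelongsToRecipientOfTheDistributionRequest(distId, null);
    }

    /**
     * Checks whether a user belongs to the recipient of a distribution request.
     *
     * @param distributionRequestId id of the distribution request; {@code null} is denied
     * @param username              user to check, or {@code null} for the current user
     * @return {@code true} when the recipient ids match
     * @throws AercacheWSException when the id is {@code null}, the request or the user
     *                             cannot be found, or the recipient ids differ
     */
    @Override
    public boolean userBelongsToRecipientOfTheDistributionRequest(Long distributionRequestId, String username) {
        // Fail closed with the domain exception when the id never reached the check,
        // instead of handing null to the repository.
        if (distributionRequestId == null) {
            throw new AercacheWSException(Consts.EXCEPTIONMISSINGELEMENTORPERMITION);
        }
        DistributionRequest distributionRequest = distributionRequestsRepository.findOne(distributionRequestId);
        ServiceAccount currentUser;
        if (username == null) {
            currentUser = accountService.getCurrentUser();
        } else {
            currentUser = accountService.findByUsername(username);
        }
        // An unresolved user is denied like any other mismatch rather than surfacing as a
        // NullPointerException.
        // NOTE(review): if getRecipientId() returns a boxed type, == compares references,
        // not values; confirm the return type and switch to equals() if it is boxed.
        if (distributionRequest != null
                && currentUser != null
                && distributionRequest.getRecipientId() == currentUser.getRecipientId()) {
            return true;
        }
        throw new AercacheWSException(Consts.EXCEPTIONMISSINGELEMENTORPERMITION);
    }
}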
有什么想法吗
提前感谢。

找到了解决方案:
正如 @teppic 指出的,应当为接口中的参数添加注解:
/**
 * Service contract with the {@code distId} parameter named explicitly, so that the
 * {@code #distId} reference inside the {@code @PreAuthorize} expression can be bound to
 * the argument.
 *
 * <p>NOTE(review): the import of {@code @Param} is not shown; presumably it is Spring
 * Data's {@code org.springframework.data.repository.query.Param}. Spring Security's own
 * equivalent is {@code @P}. Confirm which one is on the classpath. A test asserting that a
 * non-owner is rejected on both methods would catch a name that silently stops resolving.
 */
public interface DistributionRequestService {

    /** Returns the distribution request with the given id once the guard has passed. */
    @PreAuthorize("hasAnyAuthority('USER', 'ADMIN') and @distributionRequestOwnerService.userBelongsToRecipientOfTheDistributionRequest(#distId)")
    DistributionRequest findOne(@Param("distId") Long distId);

    /** Sets the export file name of the given distribution request once the guard has passed. */
    @PreAuthorize("hasAnyAuthority('USER', 'ADMIN') and @distributionRequestOwnerService.userBelongsToRecipientOfTheDistributionRequest(#distId)")
    DistributionRequest updateExportFilename(@Param("distId") Long distId, String filename);
}
找到了解决办法:
正如 @teppic 指出的,应当为接口中的参数添加注解:
/**
 * Service contract in which every guarded method names its {@code distId} parameter with
 * {@code @Param("distId")}, matching the {@code #distId} variable used by the
 * {@code @PreAuthorize} expression.
 *
 * <p>NOTE(review): the name in the annotation and the name in the expression must stay
 * identical; verify after any rename that the ownership check still receives the id.
 */
public interface DistributionRequestService {

    /** Looks up a distribution request by id; guarded by authority and ownership checks. */
    @PreAuthorize("hasAnyAuthority('USER', 'ADMIN') and @distributionRequestOwnerService.userBelongsToRecipientOfTheDistributionRequest(#distId)")
    DistributionRequest findOne(@Param("distId") Long distId);

    /** Updates the export file name; guarded by the same authority and ownership checks. */
    @PreAuthorize("hasAnyAuthority('USER', 'ADMIN') and @distributionRequestOwnerService.userBelongsToRecipientOfTheDistributionRequest(#distId)")
    DistributionRequest updateExportFilename(@Param("distId") Long distId, String filename);
}