使用Spring Boot ;/春季安全


我想使用权限（permission）、作用域（scope）或类似的机制，对 REST 资源进行细粒度的访问控制

理想情况下,我想做以下事情:

// Desired usage: protect the endpoint with a standard Spring Security expression, where the
// first argument is intended as the Keycloak resource name and the second as the scope to check.
@PreAuthorize("hasPermission('Brands', 'brands:write')")
ResponseEntity<Brand> getBrand(@PathVariable("brandCode") String brandCode);
我已经看过策略执行器（PolicyEnforcer），但不清楚它到底应该如何使用

我可以编写如下形式的代码：

// Read the KeycloakSecurityContext expected to be present as a request attribute (presumably
// placed there by the Keycloak adapter for authenticated requests).
// NOTE(review): the attribute is null when the request did not go through the Keycloak
// authentication filter, so the unchecked cast/dereference below would throw an NPE — confirm.
KeycloakSecurityContext keycloakSecurityContext = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName());
// Authorization (policy-enforcer) decision for this request; assumed non-null here.
AuthorizationContext authzContext = keycloakSecurityContext.getAuthorizationContext();
// Scope-level check: was the "brands:write" scope granted for the current request?
if (authzContext.hasScopePermission("brands:write")) {

// This works....
}
如何将 PolicyEnforcing 得到的 AuthorizationContext 与标准的 Spring Security 注解（annotation）关联起来？

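@Component
public class CustomPermissionEvaluator implements PermissionEvaluator {
    /** Current request; Spring injects a request-scoped proxy into this singleton bean. */
    @Autowired
    private HttpServletRequest request;

    /**
     * Evaluates {@code hasPermission(target, permission)} from a {@code @PreAuthorize}
     * expression against the Keycloak authorization context attached to the current request.
     *
     * <p>{@code targetDomainObject} is the Keycloak resource name (a {@code String}) and
     * {@code permission} the scope name, e.g. {@code hasPermission('Brands', 'brands:write')}.
     * When {@code targetDomainObject} is {@code null} only the scope is checked. Every
     * unexpected situation (no authentication, missing Keycloak context, wrong argument
     * types) evaluates to {@code false} — deny by default rather than throw.
     *
     * @param auth               the current Spring Security authentication, may be {@code null}
     * @param targetDomainObject the Keycloak resource name, or {@code null} for a scope-only check
     * @param permission         the Keycloak scope name
     * @return {@code true} only if the authorization context granted the requested scope
     */
    @Override
    public boolean hasPermission(Authentication auth, Object targetDomainObject, Object permission) {
        if (auth == null || !(permission instanceof String)) {
            return false;
        }
        String scope = (String) permission;

        AuthorizationContext authzContext = currentAuthorizationContext();
        if (authzContext == null) {
            // No Keycloak context on this request (not authenticated via the Keycloak
            // adapter, or no policy enforcer result available): fail closed.
            return false;
        }

        if (targetDomainObject == null) {
            // Scope-only check. The original null guard in the pre-check made this branch
            // unreachable; it now runs as the expression author presumably intended.
            return authzContext.hasScopePermission(scope);
        }
        if (targetDomainObject instanceof String) {
            return authzContext.hasPermission((String) targetDomainObject, scope);
        }
        return false;
    }

    /**
     * ID-based variant required by {@link PermissionEvaluator}. Without this override the
     * class does not compile. Not supported by this evaluator, so it always denies.
     *
     * @return always {@code false}
     */
    @Override
    public boolean hasPermission(Authentication auth, java.io.Serializable targetId, String targetType, Object permission) {
        return false;
    }

    /**
     * Looks up the Keycloak authorization context stored on the current request.
     *
     * @return the context, or {@code null} if the request attribute is absent, is not a
     *         {@code KeycloakSecurityContext}, or carries no authorization context
     */
    private AuthorizationContext currentAuthorizationContext() {
        Object attribute = request.getAttribute(KeycloakSecurityContext.class.getName());
        if (!(attribute instanceof KeycloakSecurityContext)) {
            return null;
        }
        return ((KeycloakSecurityContext) attribute).getAuthorizationContext();
    }
}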
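@Component
public class CustomPermissionEvaluator implements PermissionEvaluator {
    /** Current request; Spring injects a request-scoped proxy into this singleton bean. */
    @Autowired
    private HttpServletRequest request;

    /**
     * Evaluates {@code hasPermission(target, permission)} from a {@code @PreAuthorize}
     * expression against the Keycloak authorization context attached to the current request.
     *
     * <p>{@code targetDomainObject} is the Keycloak resource name (a {@code String}) and
     * {@code permission} the scope name, e.g. {@code hasPermission('Brands', 'brands:write')}.
     * When {@code targetDomainObject} is {@code null} only the scope is checked. Every
     * unexpected situation (no authentication, missing Keycloak context, wrong argument
     * types) evaluates to {@code false} — deny by default rather than throw.
     *
     * @param auth               the current Spring Security authentication, may be {@code null}
     * @param targetDomainObject the Keycloak resource name, or {@code null} for a scope-only check
     * @param permission         the Keycloak scope name
     * @return {@code true} only if the authorization context granted the requested scope
     */
    @Override
    public boolean hasPermission(Authentication auth, Object targetDomainObject, Object permission) {
        if (auth == null || !(permission instanceof String)) {
            return false;
        }
        String scope = (String) permission;

        AuthorizationContext authzContext = currentAuthorizationContext();
        if (authzContext == null) {
            // No Keycloak context on this request (not authenticated via the Keycloak
            // adapter, or no policy enforcer result available): fail closed.
            return false;
        }

        if (targetDomainObject == null) {
            // Scope-only check. The original null guard in the pre-check made this branch
            // unreachable; it now runs as the expression author presumably intended.
            return authzContext.hasScopePermission(scope);
        }
        if (targetDomainObject instanceof String) {
            return authzContext.hasPermission((String) targetDomainObject, scope);
        }
        return false;
    }

    /**
     * ID-based variant required by {@link PermissionEvaluator}. Without this override the
     * class does not compile. Not supported by this evaluator, so it always denies.
     *
     * @return always {@code false}
     */
    @Override
    public boolean hasPermission(Authentication auth, java.io.Serializable targetId, String targetType, Object permission) {
        return false;
    }

    /**
     * Looks up the Keycloak authorization context stored on the current request.
     *
     * @return the context, or {@code null} if the request attribute is absent, is not a
     *         {@code KeycloakSecurityContext}, or carries no authorization context
     */
    private AuthorizationContext currentAuthorizationContext() {
        Object attribute = request.getAttribute(KeycloakSecurityContext.class.getName());
        if (!(attribute instanceof KeycloakSecurityContext)) {
            return null;
        }
        return ((KeycloakSecurityContext) attribute).getAuthorizationContext();
    }
}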