Spring @Transactional和Spring Security @PreAuthorize的顺序 [英] Order of Spring @Transactional and Spring Security @PreAuthorize
问题描述
所以我有如下内容:
public interface MyService {
@PreAuthorize("hasPermission(T(Name).OBJ, T(Action).GET)")
MyObj getObj(String id);
}
@Service
public class MyServiceImpl implements MyService {
@Override
@Transactional
public MyObj getObj(String id){
return dao.get(id);
}
}
@Controller
public class MyController {
@Resource(name="myServiceImpl")
private MyService service;
public MyObj getObj(String id){
return service.getObj(id);
}
}
调用方法getObj(id)时,首先将所有内容包装在事务中,然后检查授权.是否可以保留此配置,并首先让Spring检查授权,然后在用户被授权的情况下创建事务?
When the method getObj(id) is called, everything is wrapped in a transaction first, then authorization is checked. Is is possible to keep this configuration and first get Spring to check for authorization, then create the transaction if the user is authorized?
我已经花了很多时间寻找答案,却找不到任何东西.
I've spent a good deal searching for an answer and could not find anything.
推荐答案
在配置@Transactional时可以使用order属性:
You can use order attribute when configuring @Transactional:
<tx:annotation-driven order="100"/>
具有较低值的实验,可在授权后移动交易方面.看起来 <security:global-method-security/> 也具有此设置.安全方面需要具有较高的值(较低的优先级)才能首先执行.
Experiment with lower values to move transaction aspect after the authorization one. Looks like <security:global-method-security/> also has this setting. The security aspect needs to have a higher value (lower priority) to be executed first.
-
这篇关于Spring @Transactional和Spring Security @PreAuthorize的顺序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
