Spring @PostFilter什么时候执行? [英] When does a Spring @PostFilter execute?
问题描述
我正在使用spring的@Around批注来提供DAO调用的缓存,还使用spring安全性的@PostFilter来限制某些记录的查看.但是,我担心缓存可能绕过PostFilter并出现安全问题.
I am using spring's @Around annotations to provide caching of DAO calls and also using spring security's @PostFilter to restrict the viewing of certain records. However I am concerned that the cache could bypass the PostFilter and present a security problem.
我如何知道@PostFilter
和@Around
包裹目标对象的顺序?
How do I tell what order @PostFilter
and @Around
wrap the target object?
推荐答案
您可以通过设置<security:global-method-security>
的order
属性(默认为零)来指定Spring Security方面的顺序.
You can specify an order of Spring Security's aspects by setting the order
attribute of <security:global-method-security>
(I guess it's zero by default).
You can also specify an order of your own aspect as described in 7.2.4.7 Advice ordering:
优先级最高的建议首先在途中"运行(因此,给定两条优先建议,则优先级最高的建议首先运行).从连接点出路"中,优先级最高的建议将最后运行(因此,给定两条后置通知,优先级最高的建议将第二次运行.
...
您可以通过指定优先级来控制执行顺序.通过在方面类中实现org.springframework.core.Ordered接口或使用Order批注对其进行注释,可以通过普通的Spring方法来完成.从两个方面来看,从Ordered.getValue()(或批注值)返回较低值的方面具有较高的优先级.
The highest precedence advice runs first "on the way in" (so given two pieces of before advice, the one with highest precedence runs first). "On the way out" from a join point, the highest precedence advice runs last (so given two pieces of after advice, the one with the highest precedence will run second).
...
You can control the order of execution by specifying precedence. This is done in the normal Spring way by either implementing the org.springframework.core.Ordered interface in the aspect class or annotating it with the Order annotation. Given two aspects, the aspect returning the lower value from Ordered.getValue() (or the annotation value) has the higher precedence.
这篇关于Spring @PostFilter什么时候执行?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!