如何在Spring Security hasRole中使用常量 [英] How to use constant for Spring Security hasRole

问题描述

我有一个带有Spring Security的JSP.我有一个简单的标签，用于确定用户是否具有这样的ADMIN角色:

I have a JSP with Spring Security. I have a simple tag that determines if the user has an ADMIN role like this:

<sec:authorize access="hasRole('ADMIN')">

，效果很好.我现在正尝试在整个站点中使用许多角色来实现，因此我有一个UserAccess类，其中静态字符串作为我所有角色的常量.所以我尝试这个:

and works fine. I am now trying to implement across the site with many roles, so I have a UserAccess class with static Strings as constants for all my roles. so I try this:

<sec:authorize access="hasRole(UserAccess.ADMIN)">

但这是抛出:

Field or property 'UserAccess' cannot be found on object of type 
'org.springframework.security.web.access.expression.WebSecurityExpressionRoot'

该类在类路径中，我可以使用<% .. %>等访问它.
处理此问题的最佳方法是什么?

The class is in the classpath, I can access it with <% .. %> etc...
What is the best way to handle this?

推荐答案

要引用hasRole中的实例，您需要使用特殊的T运算符并使用该类的完全限定名称.

To reference an instance inside hasRole you need to use the special T operator and use fully qualified name of the class.

<sec:authorize access="hasRole(T(package.UserAccess).ADMIN)">

这篇关于如何在Spring Security hasRole中使用常量的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！