How to configure Spring Security to allow the use of hasPermission in the JSP page?


Problem description

I am trying to use hasPermission in my JSP pages from my Spring project. I already use this with no problem in the methods from my controller / service classes. Reading the article:

http://docs.spring.io/spring-security/site/docs/4.0.0.M1/reference/htmlsingle/#the-accesscontrollist-tag

from the official documentation, I understood that to do that I will need to implement a class derived from DefaultPermission which would be loaded from a custom AclService class.

My problem is that I can't find any information on how to implement all those classes, and I don't even know if this approach is the only one or if I understood the subject in the right way (the official documentation is very brief about this subject, and in the rest of the internet I can't find more information).

Can anyone point me in the right direction here? Maybe indicate some tutorial or code sample.

UPDATE

Reading other topics here on StackOverflow, I found this suggestion:

This is what I have done. I created my own permission evaluator:

>     public class MyPermissionEvaluator implements PermissionEvaluator {
>     ...
>     }

Then I configured Spring to use that evaluator via

>     <beans:bean id="expressionHandler"
>         class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
>           <beans:property name="permissionEvaluator" ref="permissionEvaluator"/>
>     </beans:bean>
>     
>     <beans:bean id="webExpressionHandler" 
>         class="com.bulb.learn.webapp.security.CustomWebSecurityExpressionHandler">
>         <beans:property name="permissionEvaluator" ref="permissionEvaluator"/>
>     </beans:bean>
>     
>     <beans:bean id="permissionEvaluator" class="my.domain.MyPermissionEvaluator" />

That way all expression handlers have access to my evaluator.

Then, in JSP (actually, I am using jspx), I can make tags like this:

>     <sec:authorize access="hasPermission(#childUnit, 'read')">
>          ...
>     </sec:authorize>

Hope that gets you heading in the right direction.

As I already have a custom PermissionEvaluator, I tried this method. It works partially, but now, even when the user has the permission, the element inside the tag isn't displayed. Also, Eclipse indicates an error related to this tag ('Syntax error on token(s), misplaced construct(s)'), despite the application being built and executed without errors.

In the console, this error is displayed:

Jun 03, 2014 7:48:40 PM org.springframework.security.access.expression.DenyAllPermissionEvaluator hasPermission
Advertência: Denying user klebermo permission 'cadastra_usuario' on object null
Jun 03, 2014 7:48:40 PM org.springframework.security.access.expression.DenyAllPermissionEvaluator hasPermission
Advertência: Denying user klebermo permission 'altera_usuario' on object null
Jun 03, 2014 7:48:40 PM org.springframework.security.access.expression.DenyAllPermissionEvaluator hasPermission
Advertência: Denying user klebermo permission 'remove_usuario' on object null
Jun 03, 2014 7:48:45 PM org.springframework.security.access.expression.DenyAllPermissionEvaluator hasPermission
Advertência: Denying user klebermo permission 'cadastra_permissao' on object null
Jun 03, 2014 7:48:45 PM org.springframework.security.access.expression.DenyAllPermissionEvaluator hasPermission
Advertência: Denying user klebermo permission 'altera_permissao' on object null
Jun 03, 2014 7:48:45 PM org.springframework.security.access.expression.DenyAllPermissionEvaluator hasPermission
Advertência: Denying user klebermo permission 'remove_permissao' on object null
Jun 03, 2014 7:48:57 PM org.springframework.security.access.expression.DenyAllPermissionEvaluator hasPermission
Advertência: Denying user klebermo permission 'cadastra_usuario' on object null
Jun 03, 2014 7:48:57 PM org.springframework.security.access.expression.DenyAllPermissionEvaluator hasPermission
Advertência: Denying user klebermo permission 'altera_usuario' on object null
Jun 03, 2014 7:48:57 PM org.springframework.security.access.expression.DenyAllPermissionEvaluator hasPermission
Advertência: Denying user klebermo permission 'remove_usuario' on object null

On the Internet, I found some articles suggesting I should implement an interface for WebSecurityExpressionHandler.

Does anyone know what the right step is here?

UPDATE 2

Previously, I was using this tag:

<sec:accesscontrollist hasPermission="1,2" domainObject="${someObject}">

This will be shown if the user has either of the permissions represented by the values "1" or "2" on the given object.

</sec:accesscontrollist>

where no error was displayed in the console, but it still doesn't work. My question is which object I need to implement for the attribute domainObject of the tag?

Recommended answer

Your CustomPermissionEvaluator is not being called.

Try the following code in your SecurityConfig.java.

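...
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;

...
public class SecurityConfig extends WebSecurityConfigurerAdapter {
  ...

  @Override
  public void configure(WebSecurity web) throws Exception {
    // Web expressions (including the JSP <sec:authorize> tag) use this handler.
    // Without a permission evaluator set on it, hasPermission() falls back to
    // DenyAllPermissionEvaluator, which is what the console log above shows.
    DefaultWebSecurityExpressionHandler handler = new DefaultWebSecurityExpressionHandler();
    handler.setPermissionEvaluator(new CustomPermissionEvaluator());
    web.expressionHandler(handler);
  }
}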

WebApplicationInitializer

...
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;

...
public class AnnotationConfigDispatcherServletInitializer extends
    AbstractAnnotationConfigDispatcherServletInitializer {

  @Override
  protected Class<?>[] getRootConfigClasses() {
    return new Class[] {
      SecurityConfig.class,
    };
  }
}
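
The evaluator body is elided in the question's quote, so the following is an added example, not code from the question or the answer, of an evaluator that could be registered on the handler as shown above. The class name `AuthorityPermissionEvaluator` is hypothetical, and it assumes that permissions such as 'cadastra_usuario' are stored as granted authorities of the user and that the target object is not consulted.

```java
import java.io.Serializable;

import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

// Hypothetical evaluator (added example): treats the permission argument of
// hasPermission(target, 'name') as an authority name held by the user.
public class AuthorityPermissionEvaluator implements PermissionEvaluator {

    @Override
    public boolean hasPermission(Authentication auth, Object target, Object permission) {
        // Fail closed: no authentication or a non-string permission is denied.
        if (auth == null || !auth.isAuthenticated() || !(permission instanceof String)) {
            return false;
        }
        // Assumption: the target is ignored, so a null target (as in the
        // "on object null" log lines) is evaluated on the permission name alone.
        String wanted = (String) permission;
        for (GrantedAuthority granted : auth.getAuthorities()) {
            if (wanted.equals(granted.getAuthority())) {
                return true;
            }
        }
        return false; // deny by default
    }

    @Override
    public boolean hasPermission(Authentication auth, Serializable targetId,
                                 String targetType, Object permission) {
        // Per-object checks by id are not modelled in this example, so they
        // are denied rather than silently allowed.
        return false;
    }
}
```

The tag only controls which markup is rendered; the same permission still has to be enforced on the controller or service method, as the question already does.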
