在Spring Security中@Secured批注中是否使用'or'条件允许多个角色 [英] Are multiple roles allowed in the @Secured annotation with 'or' condition in Spring Security

问题描述

我在项目中使用spring和spring security 4. 我必须使用ROLE_USER或ROLE_TIMER_TASK调用我的dao方法.

I am using spring and spring security 4 in my project. I have to call my dao method with ROLE_USER or ROLE_TIMER_TASK.

当前我正在使用此注释-

Currently I am using this annotation -

 @Secured({"ROLE_USER", "ROLE_TIMER_TASK"})

此@Secured批注仅允许同时具有两个角色的用户使用，但我想由对此具有任何角色的用户调用此方法.

This @Secured annotation allowing only those users who have both role but I wanna call this method by user who have any one role from this.

如果用户可以从该角色中选择任何一个角色并调用此方法，是否可能?

Could it be possible if user have any one role from this roles and call this method?

推荐答案

对于或，请使用@PreAuthorize批注:

@PreAuthorize("hasRole('ROLE_USER') or hasRole('ROLE_TIMER_TASK')")

在Spring Security版本4中，可以省略ROLE_前缀:

In Spring Security version 4 the ROLE_ prefix can be omitted:

@PreAuthorize("hasRole('USER') or hasRole('TIMER_TASK')")

确保在安全配置中启用了前后注释.

Make sure you have pre- and post-annotations enabled in your security config.

这篇关于在Spring Security中@Secured批注中是否使用'or'条件允许多个角色的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！