Using Spring Security ACL with Spring Data REST


Problem description

I am trying to authorize APIs exposed by Spring Data REST. So far I am able to do role-based authorization, i.e.:

@RepositoryRestResource(path = "book")
public interface BookRepository extends JpaRepository<Book, Long> {

    @PreAuthorize("hasRole('ROLE_ADMIN')")
    <S extends Book> Book save(Book book);
}

Also, in the same project I have a service layer with an ACL mechanism, which is working.

I am unable to use a PostFilter expression with Spring Data REST, i.e.:

@PostFilter("hasPermission(filterObject, 'read') or hasPermission(filterObject, admin)")
List<Book> findAll();

It would be of great help if anyone is using ACL with Spring Data REST.

Note: I am aware of the open issues below:

https://jira.spring.io/browse/DATAREST-236

https://jira.spring.io/browse/SEC-2409

Recommended answer

Using JpaRepository was shadowing the List<Book> findAll() method. Then I used CrudRepository, and PostFilter got applied.

For more details, a sample project is available on GitHub: https://github.com/charybr/spring-data-rest-acl

ACL-based authorization is working for the entity below, exposed by Spring Data REST.

import org.springframework.data.repository.CrudRepository;
import org.springframework.data.rest.core.annotation.RepositoryRestResource;
import org.springframework.security.access.method.P;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;

@RepositoryRestResource(path = "book")
public interface BookRepository extends CrudRepository<Book, Long> {

    @PreAuthorize("hasRole('ROLE_ADMIN') or hasPermission(#book, 'write')")
    <S extends Book> Book save(@P("book") Book book);

    @Override
    @PostFilter("hasPermission(filterObject, 'read') or hasPermission(filterObject, admin)")
    Iterable<Book> findAll();
}
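
For the hasPermission(...) expressions above to consult the ACL tables, the method-security expression handler must be given an AclPermissionEvaluator; without one, Spring Security's default evaluator denies every hasPermission check, so the @PostFilter would filter out every element. A minimal wiring, as an added example that is not part of the original answer or the linked sample project. It assumes an AclService bean is already defined (as in the asker's working service layer); the class name AclMethodSecurityConfig is hypothetical:

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.acls.AclPermissionEvaluator;
import org.springframework.security.acls.model.AclService;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;

// Hypothetical class name; added example, not code from the sample project.
@Configuration
// prePostEnabled turns on @PreAuthorize / @PostFilter processing,
// including on Spring Data repository interfaces.
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class AclMethodSecurityConfig extends GlobalMethodSecurityConfiguration {

    // Assumption: an AclService bean (for example a JdbcMutableAclService)
    // is declared elsewhere in the application context.
    @Autowired
    private AclService aclService;

    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        DefaultMethodSecurityExpressionHandler handler =
                new DefaultMethodSecurityExpressionHandler();
        // Route hasPermission(target, permission) to the ACL tables.
        // 'read', 'write' and the unquoted admin field used in the
        // repository expressions are resolved by this evaluator to the
        // matching BasePermission constants.
        handler.setPermissionEvaluator(new AclPermissionEvaluator(aclService));
        return handler;
    }
}
```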
