How to use role-hierarchy in Spring Security 3 with Spring EL?
Problem description
I want to use the @PreAuthorize annotation on service methods with Spring Security. One of the requirements is to use role-hierarchy. But by default it is not enabled.
I found that in the SecurityExpressionRoot class ("the base class for expression root objects") there is a property roleHierarchy. The class actually does use this property for methods like hasRole() and hasAnyRole().
I suppose that if I supply it with my own RoleHierarchy bean I will be able to use @PreAuthorize annotations with hierarchical roles.
How can I inject my hierarchy bean into SecurityExpressionRoot?
Recommended answer
For method security you can set RoleHierarchy as a property of DefaultMethodSecurityExpressionHandler, something like this:
<global-method-security ...>
    <expression-handler ref="methodSecurityExpressionHandler" />
</global-method-security>

<beans:bean id="methodSecurityExpressionHandler"
    class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
    <beans:property name="roleHierarchy" .../>
</beans:bean>