Two repos for the same entity, one exported and one not
Problem description
Using Spring Data JPA, Spring Data REST 2.4.2, Spring Security and Spring Boot 1.3.1. I have an Account entity that I want to expose over REST for admin purposes:
@PreAuthorize("hasRole('ROLE_ADMIN')") //exclusive admin access
public interface AccountRepository extends JpaRepository<Account, Long> {}
This works as expected and I can access the REST interface with a proper admin role.
Another requirement I have is to allow non-admin users to register and authenticate over HTTP. For that I've created a custom Controller that exposes register() and login() functionality over /register and /login resources. The issue is that when the registration/login internal logic interacts with the repo above, there is no user security context that can be attached, apart from an anonymous one.
To keep things simple I have created a second repo that is not exported and has no security requirements:
@RepositoryRestResource(exported = false)
public interface AccountRepositoryInternal extends JpaRepository<Account, Long> {}
This repo is then injected in the said controller.
The issue is that I see inconsistent behaviour with the exported interface. In some runtime environments the interface is exported over REST and in others it is not. Is there a better strategy I could use?
Recommended answer
You can add @PreAuthorize at both class and method level, so if you need only some methods to be secured just:
- Use only one repo instead of two
- Extend Repository instead of JpaRepository
- Copy and paste (literally, they are just placeholders) all the methods that you need from PagingAndSortingRepository.
- Add @PreAuthorize according to your needs to specific methods, not to the class.
Copying and pasting methods among repository interfaces is what the docs suggest (http://docs.spring.io/spring-data/jpa/docs/1.9.2.RELEASE/reference/html/#repositories.definition-tuning) if you want to have fine-grained control, such as in your case.