spring security 3中@Secured和@PreAuthorize有什么区别? [英] What's the difference between @Secured and @PreAuthorize in spring security 3?
本文介绍了spring security 3中@Secured和@PreAuthorize有什么区别?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我不清楚弹簧安全性之间的区别是什么:
It's not clear for me what is the difference in spring security between :
@PreAuthorize("hasRole('ROLE_USER')")
public void create(Contact contact)
还有
@Secured("ROLE_USER")
public void create(Contact contact)
我知道 PreAuthorize 可以与 spring el 一起使用,但在我的示例中,有真正的区别吗?
I understand PreAuthorize can work with spring el but in my sample, is there a real difference ?
推荐答案
真正的区别在于 @PreAuthorize
可以与 Spring 表达式语言 (SpEL).您可以:
The real difference is that @PreAuthorize
can work with Spring Expression Language (SpEL). You can:
SecurityExpressionRoot
.访问方法参数(需要使用调试信息或自定义
ParameterNameDiscoverer
):
@PreAuthorize("#contact.name == principal.name")
public void doSomething(Contact contact)
MethodSecurityExpressionHandler
并将其设置为 <global-method-security><expression-handler .../></...>
).这篇关于spring security 3中@Secured和@PreAuthorize有什么区别?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文