Spring 表达式语言和 Spring Security 3:在 @PreAuthorize 中访问 bean 引用 [英] Spring Expression Language and Spring Security 3: accessing bean reference in @PreAuthorize

问题描述

我正在尝试访问 @PreAuthorize 注释中的 bean 引用，如下所示:

I'm trying to access a bean reference in a @PreAuthorize annotation as follows:

@PreAuthorize("@testBean.getTestValue()")
public String testSpEL() {
    ....
}

我有一个配置如下的测试bean:

I have a test bean configured as follows:

@Component(value="testBean")
public class TestBean {
    public boolean getTestValue() {
        return true;
    }
}

然而，当我尝试访问 testSpEL() 方法时，我遇到了以下异常:

When I try to access the testSpEL() method however, I'm confronted with the following exception:

Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1057E:(pos 1): No bean resolver registered in the context to resolve access to bean 'testBean'
    at org.springframework.expression.spel.ast.BeanReference.getValueInternal(BeanReference.java:45)
    at org.springframework.expression.spel.ast.CompoundExpression.getValueInternal(CompoundExpression.java:52)
    at org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:102)
    at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:97)
    at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:11)

我已经彻底完成了我的研究，但我找不到任何需要在我的配置中进行更改才能使其正常工作的地方.有什么指点吗?

I have thoroughly done my research but I can't find anywhere what I need to change in my configuration to get this to work. Any pointers?

谢谢！

亲切的问候，琼克

附言我正在使用 Spring 3.0.5.以下似乎表明这种类型的功能应该有效:

P.S. I'm using Spring 3.0.5. The following seems to indicate this type of functionality should work:

https://jira.springsource.org/browse/SPR-7173

推荐答案

我已经在 SpringSource 上发布了一个类似的问题，结果表明 Spring Security 3.0.5 确实还不支持上述功能.幸运的是 3.1.0.RC1 版本确实支持它，尽管使用非标准 SpEL 语法:

I have posted a similar question at SpringSource, it turns out that indeed the above feature is not yet supported in Spring Security 3.0.5. Luckily version 3.1.0.RC1 does support it, though with non-standard SpEL syntax:

@PreAuthorize("testBean.getTestValue()")
public String testSpEL() {
    ....
}

这是 SpringSource 论坛上线程的 URL:SpringSource 论坛主题

Here is the url of the thread at SpringSource forum: SpringSource forum thread

希望这对某人有所帮助！

Hope this helps someone!

这篇关于Spring 表达式语言和 Spring Security 3:在 @PreAuthorize 中访问 bean 引用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！