spring-security编写一个自定义PermissionEvaluator - 如何注入DAO服务? [英] spring-security writing a custom PermissionEvaluator - how to inject a DAO service?
问题描述
我正在使用Spring-Security,我需要实现我自己的PermissionEvaluator(按照我的其他问题。
I'm working with Spring-Security and I need to implement my own PermissionEvaluator (following the answer to my other question.
但是看看标准实现 AclPermissionEvaluator
这里我注意到,DAO是通过构造函数设置的。
However looking at the standard implementation AclPermissionEvaluator
here I notice, that the DAO is set via the constructor.
如果我声明我的自定义PermissionEvaluator这样:
If I declare my custom PermissionEvaluator like this:
<global-method-security secured-annotations="enabled" pre-post-annotations="enabled">
<expression-handler ref="expressionHandler"/>
</global-method-security>
<beans:bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
<beans:property name="permissionEvaluator">
<beans:bean id="permissionEvaluator" class="com.npacemo.permissions.SomePermissionsEvaluator"/>
</beans:property>
</beans:bean>
我在哪里可以将我的DAO放入Evaluator中,以便我可以访问数据?我可以注入它,意味着PermissionEvaluator是否由Spring管理?
where do I get my DAO into the Evaluator so that I can access data? Can I inject it, meaning is the PermissionEvaluator Spring managed? Or how do I get my dataProvider into the Evaluator?
推荐答案
刚刚搞清楚:PermissionEvaluator是由Spring管理的,所以
Just figured it out: The PermissionEvaluator is Spring managed, so
@Inject
private PermissionManager permissionManager;
将会正常工作。
edit:
对于我们的项目,我们将实现我们自己的PermissionResolver,可能扩展了标准的实现:
edit: For our project we'll implement our own PermissionResolver probably extending the standard Implementation:
public class OurPermissionEvaluator extends AclPermissionEvaluator{
public CombinedPermissionEvaluator(AclService aclService) {
super(aclService);
}
并注入一个自定义ACLService(此教程)
and injecting a custom ACLService (following this tutorial)
public class OurAclServiceImpl implements AclService {
,我们从我们的自定义数据库中检索ACL信息
where we retrieve ACL information from our custom database structure.
为了接线,我们将遵循spring-security联系人示例:
To wire it all we'll follow the spring-security contacts example:
<b:bean id="permissionEvaluator" class="path.to.OurPermissionEvaluator">
<b:constructor-arg ref="aclService"/>
</b:bean>
其中必须声明aclService:
where aclService has to be declared thus:
<bean id="aclService" class="path.to.OurAclServiceImpl">
<constructor args here... >
</bean>
这篇关于spring-security编写一个自定义PermissionEvaluator - 如何注入DAO服务?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!