从属性文件或xml文件中将属性值注入PreAuthorize（...）java注释（未解析） [英] Injecting property values from property file or xml file into PreAuthorize(...) java annotation (Unresolved)

问题描述

我在上一篇文章中提到了这个问题：弹簧安全的SpEL：将值从XML传递到基于Java的SpEL配置。但它还没有解决。我想将值从xml配置或外部文件注入 @PreAuthorize（...）注释。使用 @Value 注释进行注入并不容易。

I've asked this question in my previous post here: SpEL for spring security: Passing Values from XML to Java based SpEL configuration. But it wasn't yet resolved. I want to inject values either from an xml configuration or from external file into @PreAuthorize(...) annotation. It is not easy like injecting by using @Value annotation.

要回忆这个问题，我提供以下信息。

To recall the question, I provide the following information.

1. 我有以下xml配置文件（example.xml），
   具有属性并初始化其对应的值。

1. I have the following xml configuration file (example.xml) that has properties and initialized its corresponding values.

<beans>
    <bean id="userBean" class="x.y.User">
    <property name="name" value="A"/>
    <property name="userId" value="33"/>

    <bean id="customerBean" class="x.y.Customer">
        <property name="name" value="B"/>
        <property name="customerId" value="33"/>
    </bean>
</beans>

我有以下外部属性文件
（example.properties）里面/ WEB-INF文件夹。此文件是上面提到的XML配置文件的
替代。

I have the following external properties file (example.properties) inside /WEB-INF folder. This file is an alternative for the XML configuration file mentioned above.

user.id = 33
customer.id =33

我的applicationContext.xml文件中有属性策略持有者配置

I have property policy holder configuration in my applicationContext.xml file

<context:property-placeholder location="/WEB-INF/*.properties" ignore-unresolvable="true" />

<bean id="propertyConfig" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"
      p:location="/WEB-INF/example.properties" p:ignoreUnresolvablePlaceholders="true" />

我有两个模型类：用户和客户

public class User {
    private int userId;

public int getUserId() {
        return userId;
    }
}

public class Customer {
    private int customerId;

    public int getCustomerId(){
        return customerId;
    }
}

我有另一个服务/控制器类我想通过使用 @PreAuthorize 注释来限制
'edit'方法。

限制：当且仅当时，允许该方法（授权执行）
'userId'和'customerId'评估相等！

The restriction: The method is allowed (authorized to be executed) if and only if 'userId' and 'customerId' are evaluated equal!.

为了达到这个限制，我想考虑两种方式

To achieve the restriction, I want to consider two ways

1. 通过将xml文件（example.xml）中的'userId'和'customerId'值注入下面的表达式1 。我在
   中使用的表达式是由Rob Winch建议的（谢谢Rob！）。但是，Spring
   无法评估表达式。

1. by injecting 'userId' and 'customerId' values from the xml file(example.xml) into expression 1 below. The expressions I used in this are suggested by Rob Winch (Thank you Rob!). However, Spring couldn't evaluate the expression.

注入'userId'和'customerId'从外部属性文件（example.properties）到下面的表达式2
的值。同样，spring也无法评估这个表达式。

by injecting 'userId' and 'customerId' values from the external properties file(example.properties) into expression 2 below. Similarly, spring couldn't evaluate this expression as well.

@Service("..") or @Controller
public class MyMainClass {

    //Expression 1
    @PreAuthorize("@userBean.userId == @customerBean.customerId")
        public Boolean edit(User user, Customer custmer)  {
    return true;
    }

    //Expression 2
    ////I've tried other ways as well, but end up with similar exceptions
    @PreAuthorize("${user.id} == ${customer.id}")
    public Boolean edit(User user, Customer customer)  {
        return true;
    }
}

我的问题：

Q1。我必须在 @PreAuthorize 注释中添加哪些正确的表达式，以便将值从xml文件（example.xml）或属性文件（example.properties）注入到 @PreAuthorize（...）表达式，然后可以轻松评估？

Q1. What are the right expressions that I must put inside the @PreAuthorize annotation to inject values from the xml file (example.xml) or from property file (example.properties) into the @PreAuthorize(...) expression, then it can be easily evaluated?

Q2。如果我做了除表达式之外的错误，请指出我。

Q2. Point me if I did mistakes other than the expressions.

Q3。这对我来说就像一个$ 1,000,000.00的问题，因为我厌倦了解决这个问题!!!所以请尽量帮助我！。

Q3. Its like a $1,000,000.00 question for me as I am fed up as hell to solve this issue!!!. So please help me out as much as you can!.

推荐答案

如果您正在使用属性文件并且想要访问它们控制器类，您必须在您的servlet上下文xml文件中添加< context：property-placeholder location =classpath：my.properties/> ，之后您可以使用@Value注释以获取该属性的值。例如
my.properties 文件包含 some.userid = 33 因此您将使用以下方式访问此属性： p>

if you are using properties file and you want to access them in controller classes you have to add <context:property-placeholder location="classpath:my.properties"/> in your servlet context xml file, after that you can use @Value annotation to get the values of that properties. e.g. my.properties file contains some.userid=33 so you would access this property using:

@Value("${some.userid}")
private int someId;

但为了确保测试目的，我会将ignoreUnresolvablePlaceholders设置为false，以防它无法解析属性文件我会知道错误来自哪里...

but to be sure for testing purpose i would set ignoreUnresolvablePlaceholders to false and in case it can't resolve properties file i would know where the error is coming from...

希望它有所帮助。

这篇关于从属性文件或xml文件中将属性值注入PreAuthorize（...）java注释（未解析）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！