在我的项目中,控制器中的方法具有以下结构:
@Controller
@RequestMapping(value="privado")
public class PrivadoController {
@RequestMapping(value="admin")
@PreAuthorize("hasPermission(#usuario, 'admin_main')")
public ModelAndView admin() {
ModelAndView mav = new ModelAndView();
mav.setViewName("privado/admin");
return mav;
}
@RequestMapping(value="customer")
@PreAuthorize("hasPermission(#usuario, 'customer_main')")
public ModelAndView customer() {
ModelAndView mav = new ModelAndView();
mav.setViewName("privado/customer");
return mav;
}
}
方法hasPermission在此CustomPermissionEvaluator类中实现:
@Component
public class CustomPermissionEvaluator implements PermissionEvaluator {
public CustomPermissionEvaluator() {
}
@Override
public boolean hasPermission(Authentication arg0, Object arg1, Object arg2) {
System.out.println("CustomPermissionEvaluator.hasPermission");
if (arg0 == null || !arg0.isAuthenticated())
return false;
else
return arg0.getAuthorities().contains(arg1);
}
@Override
public boolean hasPermission(Authentication arg0, Serializable arg1, String arg2, Object arg3) {
throw new RuntimeException("Id-based permission evaluation not currently supported.");
}
}
我的问题是,尽管通知了正确的登录凭据,并为数据库中保存的用户提供了适当的角色abd权限,但我仍面临着默认的拒绝访问页面(并且我的项目中有一个针对此错误的自定义页面)。
有人可以在这里看到我做错了吗?
ps .:我的应用程序安全层的完整代码可以在这里找到:
https://github.com/klebermo/webapp2/tree/master/src/com/spring/webapp/lojavirtual/config/security
在对代码进行了更仔细的分析之后,我终于设法解决了这个问题。碰巧我在方法的主体中使用了错误的参数。我的CustomPermissionEvaluator的最终代码是:
@Component
public class CustomPermissionEvaluator implements PermissionEvaluator {
public CustomPermissionEvaluator() {
}
public boolean hasPermission(Authentication arg0, Object arg1) {
System.out.println("CustomPermissionEvaluator.hasPermission");
System.out.println("arg0 = "+arg0);
System.out.println("arg1 = "+arg1);
if (arg0 == null || !arg0.isAuthenticated()) {
System.out.println("false");
return false;
}
else {
System.out.println("true");
for(GrantedAuthority authority: arg0.getAuthorities()) {
if(authority.getAuthority().equals(arg1))
return true;
}
return false;
}
}
@Override
public boolean hasPermission(Authentication arg0, Object arg1, Object arg2) {
System.out.println("CustomPermissionEvaluator.hasPermission");
System.out.println("arg0 = "+arg0);
System.out.println("arg1 = "+arg1);
System.out.println("arg2 = "+arg2);
if (arg0 == null || !arg0.isAuthenticated()) {
System.out.println("false");
return false;
}
else {
System.out.println("true");
for(GrantedAuthority authority: arg0.getAuthorities()) {
if(authority.getAuthority().equals(arg2))
return true;
}
return false;
}
}
@Override
public boolean hasPermission(Authentication arg0, Serializable arg1, String arg2, Object arg3) {
throw new RuntimeException("Id-based permission evaluation not currently supported.");
}
}
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句