Spring 安全 @PreAuthorize 使用 SpEL 语言访问自动装配的 bean

Question

我想使用 SpEL 语言在 Spring 安全 @PreAuthorize 下访问我的自动装配 bean。

@Component
@Transactional
public class TodoDao implements ITodoDao {

    @Autowired
    private SessionFactory sessionFactory;

    @Autowired
    private AuthenticationFacade authenticationFacade;

    @Override
    @PreAuthorize("...") // I want to access to one of my autowired bean here
    public void changeTodoStatus(Todo todo) {
        Object user = authenticationFacade.getAuthentication().getPrincipal();
        todo.setDone(!todo.isDone());
        sessionFactory.getCurrentSession().update(todo);
    }
}

Answer 1

在您的 bean 名称前使用“@”：

@Component
@Transactional
public class TodoDao implements ITodoDao {

    @Autowired
    private SessionFactory sessionFactory;

    @Autowired
    private AuthenticationFacade authenticationFacade;

    @Override
    @PreAuthorize("@authenticationFacade.(#toDo)") // I want to access to one of my autowired bean here
    public void changeTodoStatus(Todo todo) {
        Object user = authenticationFacade.getAuthentication().getPrincipal();
        todo.setDone(!todo.isDone());
        sessionFactory.getCurrentSession().update(todo);
    }
}

Spring 安全 @PreAuthorize 使用 SpEL 语言访问自动装配的 bean

Spring Security @PreAuthorize access to autowired bean using SpEL language

java

spring

annotations

spring-security

spring-el