接口角色权限"/>
security + oauth2 @PreAuthorize 动态配置接口角色权限
使用@PreAuthorize(“hasRole(‘ROLE_ADMIN’)”)配置接口角色权限时,角色是写死的,无法根据我资源授权动态配置,通过参考.pc_aggpage_search_result.none-task-blog-2aggregatepagefirst_rank_ecpm_v1~rank_v31_ecpm-1-115370515.pc_agg_new_rank&utm_term=preauthorize%E6%B3%A8%E8%A7%A3%E6%80%8E%E4%B9%88%E5%85%B3%E8%81%94%E6%9D%83%E9%99%90%E7%9A%84&spm=1000.2123.3001.4430
发现@PreAuthorize传入的方法可以自定义,于是便想到了实现这一个功能的方案:
public class CustomMethodSecurityExpressionRoot extends SecurityExpressionRoot implements MethodSecurityExpressionOperations {private Object filterObject;private Object returnObject;private Object target;CustomMethodSecurityExpressionRoot(Authentication a) {super(a);}public void setFilterObject(Object filterObject) {this.filterObject = filterObject;}public Object getFilterObject() {return this.filterObject;}</
更多推荐
security + oauth2 @PreAuthorize 动态配置接口角色权限
发布评论