@PostMapping
@ResponseStatus(HttpStatus.CREATED)
@PreAuthorize("@messageSecurityService.isAuthorized(#userAuthentication)")
public void sendMessage(@AuthenticationPrincipal UserAuthentication userAuthentication,
@RequestBody SendMessageRequest sendMessageRequest) {
......
}
我想编写此端点的测试,但出现以下错误。
java.lang.IllegalArgumentException: Failed to evaluate expression '@messageSecurityService.isAuthorized(#userAuthentication)'
at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:30)
at org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice.before(ExpressionBasedPreInvocationAdvice.java:59)
at org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter.vote(PreInvocationAuthorizationAdviceVoter.java:72)
at org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter.vote(PreInvocationAuthorizationAdviceVoter.java:40)
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:63)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:65)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:688)
Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1058E: A problem occurred when trying to resolve bean 'messageSecurityService':'Could not resolve bean reference against BeanFactory'
at org.springframework.expression.spel.ast.BeanReference.getValueInternal(BeanReference.java:59)
at org.springframework.expression.spel.ast.CompoundExpression.getValueRef(CompoundExpression.java:53)
at org.springframework.expression.spel.ast.CompoundExpression.getValueInternal(CompoundExpression.java:89)
at org.springframework.expression.spel.ast.SpelNodeImpl.getTypedValue(SpelNodeImpl.java:114)
at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:300)
at org.springframework.security.access.expression.ExpressionUtils.evaluateAsBoolean(ExpressionUtils.java:26)
... 94 common frames omitted
Caused by: org.springframework.expression.AccessException: Could not …java unit-testing spring-security javabeans spring-expression-language
我想将属性值解析为自定义对象。例子; 我有应用程序属性;说
rules.peakHours.weekday.morning.start=10:15:45
并想将该属性转换为 java LocalTime 对象。
@Configuration
public class RuleUtils {
@Value("#{localTime.parse(\"${rules.peakHours.weekday.morning.start}\")}")
public LocalTime weekDayMorningPeakStart;
我已经尝试过以下方法,但没有帮助。
@Bean
@ConfigurationProperties("localTime")
// @EnableConfigurationProperties(LocalTime.class)
public Class<LocalTime> getLocalTime() {
return LocalTime.class;
}
出现以下错误:
EL1008E: Property or field 'localTime' cannot be found on object of type 'org.springframework.beans.factory.config.BeanExpressionContext'
我尝试了网络和 stackoverflow,但没有得到具体答案。请帮忙。
我知道的唯一解决方法是构造函数注入;但这会使我的构造函数因许多参数而膨胀
@Configuration
public class RuleUtils {
public LocalTime weekDayMorningPeakStart;
public RuleUtils(@Value("${rules.peakHours.weekday.morning.start}") String weekDayMorningPeakStart) {
this.weekDayMorningPeakStart = LocalTime.parse(weekDayMorningPeakStart);
}
是否可以在@PreAuthorize中使用请求标头值?
在我的应用程序中,所有请求都包含一个自定义标头,我需要将其与用户角色结合使用,以确定是否应允许它们访问控制器。
如果有人手动指定标头也没关系,因为这不会成为安全问题,因为最终角色将控制它。但我需要使用它来减少在每个控制器方法中手动检查的次数。
谢谢你,马特
spring spring-security spring-boot spring-expression-language