那些遇到过的问题

小编Ass*_*sis的帖子

@Secured 和 @PreAuthorize 注释使用哪些方法起作用?

我有以下示例:

无论如何控制器:

@Controller
@RequestMapping(value = "api/whatever")
public class WhateverController {

    @Autowired private WhateverService whateverService;

    @RequestMapping(value = "/list", method = GET)
    @Secured({ "ROLE_WHATEVER_CANSEARCH" })
    @ResponseBody
    public List<WhateverDTO> findList(@RequestParam(value = "values") String[] values) {
        return whateverService.findThings(values);
    }

}
Run Code Online (Sandbox Code Playgroud)

任何服务:

@Service
public class WhateverService {

    @Autowired private WhateverDAO whateverDAO;

    public List<WhateverDTO> findThings(String[] values) {
        //...
        validate();
        return whateverDAO.findThings(values);
    }

    @Secured({ "ROLE_SPECIFICPERMISSION" }) // Throws AccessDeniedException
    private void validate() {
        if(thing) throw new RuntimeException("You can't...");
    }

}
Run Code Online (Sandbox Code Playgroud)
  1. 注释 @Secured 可以在“WhateverService”的“validate”方法中工作吗?
  2. 如果不会,那为什么呢?
  3. 相同的行为适用于注释@PreAuthorize?

java spring spring-security

Ass*_*sis
lucky-day
2
推荐指数
1
解决办法
573
查看次数

标签 统计

java ×1

spring ×1

spring-security ×1