我正在尝试实现自定义表达式处理程序。出于调试目的,我把 DefaultMethodSecurityExpressionHandler 的代码复制粘贴到了我的自定义处理程序中,但是其中没有任何方法被调用。有人可以帮帮我吗?我已经为此折腾了 4 个小时。
以下是配置
<!-- Custom method-security expression handler. It is given the ACL-backed PermissionEvaluator,
     which hasPermission(...) expressions are expected to consult (confirm in the custom class). -->
<beans:bean class="com.converse.mizu.service.security.acl.CustomMethodSecurityExpressionHandler"
            id="expressionHandler">
  <beans:property name="permissionEvaluator" ref="permissionEvaluator"/>
</beans:bean>
<!-- PermissionEvaluator that answers permission checks from ACL data supplied by aclService. -->
<beans:bean id="permissionEvaluator"
            class="org.springframework.security.acls.AclPermissionEvaluator">
  <beans:constructor-arg ref="aclService"/>
</beans:bean>
<!-- JDBC-backed ACL service. Constructor arguments are positional: data source, lookup strategy,
     ACL cache. The dataSource bean is defined outside this snippet. -->
<beans:bean id="aclService"
            class="org.springframework.security.acls.jdbc.JdbcMutableAclService">
  <beans:constructor-arg ref="dataSource"/>
  <beans:constructor-arg ref="lookupStrategy"/>
  <beans:constructor-arg ref="aclCache"/>
</beans:bean>
<!-- Strategy used to load ACLs over JDBC. Constructor arguments are positional: data source,
     ACL cache, authorization strategy, audit logger. -->
<beans:bean class="org.springframework.security.acls.jdbc.BasicLookupStrategy"
            id="lookupStrategy">
  <beans:constructor-arg ref="dataSource"/>
  <beans:constructor-arg ref="aclCache"/>
  <beans:constructor-arg ref="aclAuthorizationStrategy"/>
  <beans:constructor-arg ref="auditLogger"/>
</beans:bean>
<!-- Ehcache-backed ACL cache using the cache region named "aclCache".
     NOTE(review): cached ACLs can outlive a permission change made outside this ACL service;
     confirm the region's expiry/eviction settings match how quickly revocations must take effect. -->
<beans:bean class="org.springframework.security.acls.domain.EhCacheBasedAclCache"
            id="aclCache">
  <beans:constructor-arg>
    <beans:bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
      <beans:property name="cacheManager">
        <beans:bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
      </beans:property>
      <beans:property name="cacheName" value="aclCache"/>
    </beans:bean>
  </beans:constructor-arg>
</beans:bean>
<!-- Authorities required to administer ACLs. The three list entries are positional: the
     authority allowed to change ACL ownership, to change auditing, and to change other ACL
     details. All three are ROLE_ADMIN here, so any ROLE_ADMIN principal can rewrite any ACL.
     NOTE(review): GrantedAuthorityImpl is deprecated in later Spring Security releases in favour
     of SimpleGrantedAuthority; confirm against the version in use before changing it. -->
<beans:bean class="org.springframework.security.acls.domain.AclAuthorizationStrategyImpl"
            id="aclAuthorizationStrategy">
  <beans:constructor-arg>
    <beans:list>
      <!-- change ownership -->
      <beans:bean class="org.springframework.security.core.authority.GrantedAuthorityImpl">
        <beans:constructor-arg value="ROLE_ADMIN"/>
      </beans:bean>
      <!-- change auditing -->
      <beans:bean class="org.springframework.security.core.authority.GrantedAuthorityImpl">
        <beans:constructor-arg value="ROLE_ADMIN"/>
      </beans:bean>
      <!-- change other ACL details -->
      <beans:bean class="org.springframework.security.core.authority.GrantedAuthorityImpl">
        <beans:constructor-arg value="ROLE_ADMIN"/>
      </beans:bean>
    </beans:list>
  </beans:constructor-arg>
</beans:bean>
<!-- ACL audit events go to the console only. NOTE(review): if grant/deny audit records have to
     be retained, route them to a durable log instead. -->
<beans:bean class="org.springframework.security.acls.domain.ConsoleAuditLogger"
            id="auditLogger"/>
基本上我想对我的集合应用一个后置过滤器,我的受保护的 bean 看起来像这样:
/**
 * REST entry point that returns the campaigns of the currently logged-in user, wrapped in a
 * ResponseVO.
 *
 * NOTE(review): @PostFilter filters the value this method returns, and that value has to be a
 * Collection or an array. ResponseVO is a wrapper object, so the expression handler is invoked
 * and then rejects the return value at runtime ("Filter target must be a collection or array
 * type").
 *
 * @throws MizuException rethrown as-is when raised below; any other exception is logged and
 *                       replaced by MizuException(ErrorConstants.CAMPAIGN_SERVICE_FAILED)
 */
@GET
@Path("")
@Transactional(readOnly=true)
@PostFilter("hasPermission(filterObject, 'read')")
public ResponseVO getCampaignsForLoggedInUserByFilter(
        @QueryParam("sortby") String sortBy,
        @QueryParam("isDesc") boolean isDescOrder,
        @QueryParam("start") int start,
        @QueryParam("limit") int limit,
        @QueryParam("name") String name) throws MizuException {
    try {
        final String currentUserId = SecurityUtil.getCurrentUserId();
        logger.debug("userId = " + currentUserId);
        // NOTE(review): this is a plain call on the same object. With proxy-based method
        // security it does not pass through the Spring proxy, so security annotations placed
        // on getCampaignList are not evaluated on this path and the list comes back unfiltered.
        final CampaignList campaigns =
                getCampaignList(currentUserId, name, limit, sortBy, isDescOrder, start);
        return GenericUtil.constructResponseVO(ServiceConstants.SUCCESS, null, campaigns);
    } catch (MizuException mze) {
        // Domain errors keep their original error code.
        throw mze;
    } catch (Exception e) {
        logger.error(e.getMessage(), e);
        throw new MizuException(ErrorConstants.CAMPAIGN_SERVICE_FAILED);
    }
}
// Loads the campaign list from the database (body elided in the original listing).
//
// NOTE(review): if the @PostFilter below is enabled, it is evaluated only for calls that reach
// this method through the Spring proxy. The call from getCampaignsForLoggedInUserByFilter is made
// on the same object, so it bypasses the proxy: no error is raised, the expression handler is
// never invoked, and the full unfiltered list is returned. The same applies to @Transactional
// here. To have the filter enforced, the annotated method needs to be called on a separate
// Spring-managed bean (or the AspectJ mode of method security used) — confirm which fits.
// NOTE(review): @PostFilter also requires CampaignList itself to be a Collection or array —
// TODO confirm its type.
//@PostFilter("hasPermission(filterObject, 'read')")
@Transactional(readOnly=true)
public CampaignList getCampaignList(String userId,String name,int limit,String sortBy,boolean isDescOrder, int start) throws MizuException{
..logic to get the data from DB
}
当我在 getCampaignsForLoggedInUserByFilter 方法上应用后置过滤器注解时,至少我的自定义表达式处理程序被调用了,并得到错误“过滤器目标必须是集合或数组类型,但是……”——这是预期的。但是如果我把注解放在实际返回集合的 getCampaignList 上,则没有显示任何错误,我的整个集合都被返回了,自定义 expressionHandler 也没有被调用。我假设注解应该在代码中的任何地方都能工作,不需要是调用的入口点。
以下是我的安全配置。请注意,以下配置是长期存在的,唯一的变化是包含acl-context文件。
<!-- Enables @Secured and the pre/post expression annotations and plugs in the custom expression
     handler. Method security is applied by proxying beans: only calls that arrive through the
     proxy are intercepted. An annotated method invoked from another method of the same object
     runs without its @PreAuthorize/@PostFilter being evaluated, and nothing is logged when
     that happens. -->
<global-method-security authentication-manager-ref="mizuAuthenticationManager"
                        pre-post-annotations="enabled"
                        secured-annotations="enabled">
  <expression-handler ref="expressionHandler"/>
</global-method-security>
<!-- security="none" takes a path out of the Spring Security filter chain completely: no
     authentication, no SecurityContext and no access rules apply to it. -->

<!-- Static assets and the landing page. -->
<http pattern="/js/**" security="none"/>
<http pattern="/css/**" security="none"/>
<http pattern="/img/**" security="none"/>
<http pattern="/font/**" security="none"/>
<http pattern="/index.html*" security="none"/>

<!-- NOTE(review): these are application endpoints, not static files. Because no filter runs for
     them, any protection has to be implemented by the endpoint code itself, and method-security
     annotations behind them cannot rely on an authenticated principal. Confirm what they expose. -->
<http pattern="/rest/url/**" security="none"/>
<http pattern="/rest/user/resetpwd/**" security="none"/>
<http pattern="/rest/uiads/analytics/uispec/**" security="none"/>
<!-- Dedicated filter chain for /autologin, using a pre-authentication filter.
     NOTE(review): no intercept-url rule is declared in this chain, so whether a request without
     valid pre-authentication data is rejected depends on preAuthFilter and on the code behind
     the URL; confirm that it fails closed. -->
<http pattern="/autologin"
      entry-point-ref="http403EntryPoint">
  <custom-filter position="PRE_AUTH_FILTER" ref="preAuthFilter"/>
  <session-management invalid-session-url="/">
    <concurrency-control session-registry-ref="sessionRegistry"/>
  </session-management>
</http>
<!-- Main filter chain for everything not matched by the more specific <http> elements. -->
<http entry-point-ref="mizuAuthenticationEntryPoint"
      use-expressions="true"
      disable-url-rewriting="true">

  <!-- intercept-url rules are checked top to bottom and the first match wins. The specific
       /rest/signup/selfserve/register/account** rule and the permitAll /rest/signup/** rule
       therefore have to stay above the catch-all /rest/** rule.
       NOTE(review): URLs matched by none of these patterns (for example other /html/ pages)
       carry no access rule in this chain; confirm that is intended. -->
  <intercept-url pattern="/rest/signup/selfserve/register/account**" access="hasRole('CREATE_ACCOUNT')"/>
  <intercept-url pattern="/html/admin/studio.htm" access="hasRole('SYS_ADMIN_USER')"/>
  <intercept-url pattern="/html/register_company.html" access="hasRole('CREATE_ACCOUNT')"/>
  <intercept-url pattern="/html/adStudio.htm**" access="isAuthenticated()"/>
  <intercept-url pattern="/html/adcreator.htm**" access="isAuthenticated() and hasRole('AD_CREATOR_TOOL')"/>
  <intercept-url pattern="/rest/signup/**" access="permitAll"/>
  <intercept-url pattern="/rest/**" access="isAuthenticated()"/>

  <!-- Custom filters installed at the standard filter positions. -->
  <custom-filter position="FORM_LOGIN_FILTER" ref="mizuAuthenticationProcessingFilter"/>
  <custom-filter position="REMEMBER_ME_FILTER" ref="rememberMeFilter"/>
  <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter"/>
  <custom-filter before="LAST" ref="requestValidationFilter"/>
  <custom-filter position="LOGOUT_FILTER" ref="customLogoutFilter"/>

  <session-management session-authentication-strategy-ref="sas"/>
  <!-- The namespace logout element is disabled; logout is handled by customLogoutFilter above. -->
  <!-- <logout invalidate-session="true" success-handler-ref="logoutSuccessHandler"/> -->
  <access-denied-handler ref="accessDeniedHandler"/>
</http>