spring security很奇怪的问题? 在配置类使用access表达式一切正常,在注解中使用就会报错?
.antMatchers("/ll").access("@myServiceImpl.hasPermission(request,authentication)")
//正常
@PreAuthorize("@myServiceImpl.hasPermission(request,authentication)")
@RequestMapping("/test1")
public String test1(HttpServletRequest request) {
return "test1";
}//报错
EL1008E: Property or field 'request' cannot be found on object of type 'org.springframework.security.access.expression.method.MethodSecurityExpressionRoot' - maybe not public or not valid?
这是判断逻辑;
public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
Object obj = authentication.getPrincipal();
if (obj instanceof UserDetails) {
UserDetails user = (UserDetails) obj;
Collection<? extends GrantedAuthority> authorities = user.getAuthorities();
return authorities.contains(new SimpleGrantedAuthority(request.getRequestURI()));
}
return false;
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
已解决;需要用#来获取方法参数;如
@PreAuthorize("@myServiceImpl.hasPermission(#request,#authentication)")