方面可以有条件地呈现 JSP 页面的某些部分吗?
目前jsp页面有正常的授权标签来有条件地渲染链接和信息等。该网站位于内网,我们使用的是Spring Security 2.0.4。
我现在有一个业务用户,他希望在最初几周内允许所有角色访问所有内容,然后随着从业务收集反馈,逐渐添加安全性。
不是遍历每个页面,删除授权标签,然后只需将它们放回去,是否可以通过一个方面来配置这些标签,或者是否有其他方法可以将其外部化到配置文件中?我找到了 Spring 的 MethodSecurityInterceptor 和元数据标签,但这些不会给我外部化。
我过去一个小时一直在谷歌上搜索,现在我很确定这是不可能的,但很想知道我没有提出正确的问题。
感谢建议
At present the jsp pages have normal authorize tags to conditionally render links and information etc. The website is on the intranet, and we're using Spring Security 2.0.4.
Ive now got a business user who wants to allow all roles to access everything for the first few weeks, then gradually add the security back in as feedback is gathered from the business.
Rather than go through every page, removing the authorize tags, only to have to put them back in, is is possible to configure these through an aspect, or is there any other way to externalize this into a config file ? I've found Spring's MethodSecurityInterceptor and the meta data tags, but these wouldn't give me the externalization.
I've been on google for the last hour, and am now pretty sure this can't be done, but would love to find out I haven't been asking the right questions.
Advice appreciated
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我得出的结论是,它无法按照我最初想象的方式完成 - 这是我第一次了解 Aspects。
我最终使用了扩展 Spring 2 AuthorizeTag 的自定义标签。自定义标签采用一个字符串参数,该参数可以用作资源包键。
标签类使用密钥查找资源包以解析为
例如,
然后使用返回的字符串与用户的角色进行比较。
它工作得相当好,并且将授权从 jsp 外部化和集中化。
I came to the conclusion it couldn't be done the way I originally thought it could - this was my first look at Aspects.
I ended up using a custom tag that extended the Spring 2 AuthorizeTag. The custom tag takes a String parameter, that could be used as a resource bundle key.
The tag class looked up the resource bundle using the key to resolve as
e.g
then used the returned String for the comparison against the user's roles.
It works reasonably well, and externalizes and centralizes authorization away from the jsp.