如何以编程方式访问来自Spring安全中的元素
如何以编程方式访问拦截 URL 声明的内容(来自 http://www.springframework.org /schema/security 架构)?例如,
<http auto-config='true'>
<intercept-url pattern="/static/**" filters="none" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/**" access="ROLE_USER" />
...
</http>
Spring安全角色映射用于限制对某些页面的访问。我想提取相同的角色映射信息(pattern 和 accept 属性),以便能够仅在 html 菜单中显示每个角色有权查看的页面。
我查看了 HttpConfigurationBuilder,但它受包保护,似乎没有提供那么多信息。我也尝试过:
FilterSecurityInterceptor interceptor = appContext.getBean(FilterSecurityInterceptor.class);
if (interceptor != null) {
for (ConfigAttribute attr : interceptor.getSecurityMetadataSource().getAllConfigAttributes()) {
// Extract the attributes ...
attr.getAttribute();
}
}
但我只设法访问角色,而不是 url 模式。
How can I programmatically access the contents of the intercept-url declarations (from the http://www.springframework.org/schema/security schema)? E.g.,
<http auto-config='true'>
<intercept-url pattern="/static/**" filters="none" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/**" access="ROLE_USER" />
...
</http>
Spring security role mapping is used to restrict access to certain pages. I want to extract the same role mapping information (the pattern and accept attributes) to be able to only show those pages in the html-menu that each role has access to see.
I've had a look at the HttpConfigurationBuilder, but it's package protected and doesn't seem to offer so much information. I've also tried:
FilterSecurityInterceptor interceptor = appContext.getBean(FilterSecurityInterceptor.class);
if (interceptor != null) {
for (ConfigAttribute attr : interceptor.getSecurityMetadataSource().getAllConfigAttributes()) {
// Extract the attributes ...
attr.getAttribute();
}
}
but I only managed to access the roles, not the url patterns.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
加载应用程序上下文后,使用命名空间支持声明的配置不以相同的“格式”存在。
如果要保留角色映射信息,则需要在配置解析时访问它 - 并保存所需的数据以供将来使用。您可以通过子类化 org.springframework.security.config.http.HttpSecurityBeanDefinitionParser、读取所需的数据并委托给 super 来实现此目的。
请参阅 Spring Security 3 - 附录 D . 可扩展的 XML 创作,用于使用自定义
BeanDefinitionParser实现。The configuration declared using a namespace support does not exists in the same "format" after application context is loaded.
If you want to preserve the role mapping information, you need to access it while configuration parsing - and save the data you need for the future use. You can do this by subclassing
org.springframework.security.config.http.HttpSecurityBeanDefinitionParser, reading the data you want and delegating tosuper.See Spring Security 3 - Appendix D. Extensible XML authoring for usage of custom
BeanDefinitionParserimplementations.也许您可以检查
FilterChainProxy类的getFilterChainMap() 方法是否为您提供了相关信息。Perhaps you can check if
getFilterChainMap() method ofFilterChainProxyclass gives you the relevant info.