问题将Session bean注入允许evaluator
我有一个用于详细授权的设置,在该设置中,我会得到一个会话bean检查用户是否已登录。但是,这似乎不起作用,因为会话bean变得无效,即使在其他类中也有同样的方式工作。 我想访问以下课程中的会话bean:
package spring.boardgame.registerboardgame.session;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.expression.DenyAllPermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.beans.factory.annotation.Autowired;
import java.io.Serializable;
import java.util.Map;
import javax.annotation.Resource;
public class SessionAuthentication implements PermissionEvaluator{
@Resource(name = "returnSession")
Session session;
@Override
public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
System.out.println("evaluating lower");
if(this.session == null || this.session.getUser() == null){
return false;
}else{
return true;
}
}
@Override
public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) {
System.out.println("evaluating even lower");
if(this.session == null || this.session.getUser() == null){
return false;
}else{
return true;
}
}
}
在“正常”课程中,这项工作完全不错,那么我在这里做错了什么? 这些豆是在这里启动的:
package spring.boardgame.registerboardgame.session;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class SessionConfiguration {
@Bean
public Session returnSession() {
return new Session();
}
}
I have a setup for detailed authorization where I get a session bean to check if a user is logged in. This however do not seem to work, as the session bean become null, even if doing the same way have worked fine in other classes.
I want to access a Session Bean in the follow class:
package spring.boardgame.registerboardgame.session;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.expression.DenyAllPermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.beans.factory.annotation.Autowired;
import java.io.Serializable;
import java.util.Map;
import javax.annotation.Resource;
public class SessionAuthentication implements PermissionEvaluator{
@Resource(name = "returnSession")
Session session;
@Override
public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
System.out.println("evaluating lower");
if(this.session == null || this.session.getUser() == null){
return false;
}else{
return true;
}
}
@Override
public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) {
System.out.println("evaluating even lower");
if(this.session == null || this.session.getUser() == null){
return false;
}else{
return true;
}
}
}
This work totally fine in "normal" classes, so what do I do wrong here?
The Beans are initiated here:
package spring.boardgame.registerboardgame.session;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class SessionConfiguration {
@Bean
public Session returnSession() {
return new Session();
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在受到谷歌搜索的启发之后,我终于能够解决这个问题。确实,似乎从实现权限审查的sessionauthentication类中获取会话bean不起作用。
但是,工作的工作是将Session Bean注入了类,该类别使用允许的evaluator接口创建了类:
然后从上面更改代码:
这完全可以。
I finally were able to solve this after being inspired by some Googling. It do indeed seem that getting the session bean from the SessionAuthentication class that implement the permissionEvaluator does not work.
However, what did work was injecting the session bean into the class that created the class with the permissionEvaluator interface like this:
And then changing the code from above to this:
And this works totally fine.