如何允许某些用户仅在春季启动 /弹簧安全性的端点中访问自己的数据？

发布于 2025-02-12 23:30:33 字数 941 浏览 0 评论 0原文

我有一个问题，该问题与应用程序列表限制给我的应用程序中的特定用户有关。我得到了一个API：“/api/v1/{userId}/products”，我想在我已经在AdminRestController中使用的UserRestController中使用分页：

@GetMapping
    public Response<Page<Product>> getProductPage(@PageableDefault(sort = "id") Pageable pageable) {
        return Response.ok(productService.findAll(pageable));
    }

我已经阅读了一些线程并找到了一些解决方案，并使用“ @preAuthorize（” @preAuthorize（“＃”＃） userId == authentication.principal.id“）”。现在，我想在userRestController的端点中实现分页，该分页仅应返回与特定用户相关的产品列表（不是所有产品列表）。我试图使用以下内容：

@GetMapping("/api/v1/{userId}/products")
@PreAuthorize("#userId == authentication.principal.id")
public Response<Page<Product>> getProductPage(@PageableDefault(sort = "id") Pageable pageable) {
    SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    return Response.ok(productService.findAll(pageable));
}

但是我有访问问题，您能帮我弄清楚吗？

提前致谢！

原文

I have a question related to the limiting of the products list to specific User in my application. Ive got an API: "/api/v1/{userId}/products" and I want to use pagination in my UserRestController which I have already used in AdminRestController:

@GetMapping
    public Response<Page<Product>> getProductPage(@PageableDefault(sort = "id") Pageable pageable) {
        return Response.ok(productService.findAll(pageable));
    }

I have read some threads and find some solutions with "@PreAuthorize("#userId == authentication.principal.id")". Now, I want to implement pagination in my endpoint in UserRestController which should return only the products list related to the specific User (not the list of all products). I have tried to use the following:

@GetMapping("/api/v1/{userId}/products")
@PreAuthorize("#userId == authentication.principal.id")
public Response<Page<Product>> getProductPage(@PageableDefault(sort = "id") Pageable pageable) {
    SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    return Response.ok(productService.findAll(pageable));
}

But I have got the access problem, could you help me to figure out?

Thanks in advance!

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

九八野马 2025-02-19 23:30:33

它已经在Spring-Secutiry和spring-data中实现。

在config中，您需要添加@bean以将您的principal在queriing中提供：

@Configuration
public class Conf{
    // `principal` provider for the Spring-Data JPQL requests
    @Bean
    public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
      return new SecurityEvaluationContextExtension();
    }
}

之后，您将要编写类似的内容：

@RepositoryRestResource(path = "datas", exported = true)
public interface DataRepository extends PagingAndSortingRepository<Data, Long> {

  @Override
  @Query(value = "Select d From Data d Where d.ownerId = ?#{principal?.username}")
  Page<Data> findAll(Pageable pageable);

}

另外，请阅读官方文档： https://docs.spring.io/spring-security/reference/features/features/integrations/data.html

It is already implemented into Spring-Secutiry and Spring-Data.

In config, you need to add a @Bean to provide your principal into the queriing :

@Configuration
public class Conf{
    // `principal` provider for the Spring-Data JPQL requests
    @Bean
    public SecurityEvaluationContextExtension securityEvaluationContextExtension() {
      return new SecurityEvaluationContextExtension();
    }
}

After that you'll be abble to write things like that :

@RepositoryRestResource(path = "datas", exported = true)
public interface DataRepository extends PagingAndSortingRepository<Data, Long> {

  @Override
  @Query(value = "Select d From Data d Where d.ownerId = ?#{principal?.username}")
  Page<Data> findAll(Pageable pageable);

}

Also, read the official doc : https://docs.spring.io/spring-security/reference/features/integrations/data.html

回复收藏 0 原文

~没有更多了~