Prevent Method call without Exception using @PreAuthorize Annotation

前端未结

关注

 3  1690

抹茶落季 2021-01-01 02:25

We are using Spring Security 3. We have a custom implementation of PermissionEvaluator that has this complex algorithm to grant or deny access at method lev

3条回答

隐瞒了意图╮ (楼主)

2021-01-01 02:51
Ok I found a way to prevent the AccessDeniedException. However this doesnt solves the problem. The excecution of the rest of the code now contunies normaly, however the secured method call is not prevented even when hasPermission returns false.

This is how I managed to prevent the AccessDeniedException from stoping everything:

You need to implement an AccessDecisionManager where you prevent the AccessDeniedException propagation. Thats the easy part. Mine looks like this:
```
public class SkipMethodCallAccessDecisionManager extends AffirmativeBased {
    @Override
    public void decide(Authentication authentication, Object object, Collection configAttributes){
        try{
            super.decide(authentication, object, configAttributes);
        }catch(AccessDeniedException adex){
            logger.debug("Access Denied on:" + object);
        }
    }
}
```
Then the tricky part... setting up the application context.
```
    
        
            
                
            
            
                     
        
    



    
```
Any ideas on how to prevent the method from being called without stopping everything?
0 讨论(0)

查看其它3个回答
发布评论:

提交评论
- 加载中...