spring security: Why can't we access Hibernate entity parameters in @PreAuthorize?

傲寒 2021-01-19 19:34

I have the following interface method on which I am applying @PreAuthorize:

@PreAuthorize("doSomething(#user.id)")
void something(User user,


        
4 Answers
  •  礼貌的吻别
    2021-01-19 19:52

    I need to add something to this as the title indicates that we cannot access hibernate properties.

    There are two editions of hasPermission, the loaded object and the serialized object. Here is some code from a test case:

    @PreAuthorize("isAuthenticated() and hasPermission(#organization, 'edit')")
    public long protectedMethod(Organization organization)
    {
        return organization.getId();
    }
    

    And for the latter here we see that we can in fact access the id property of the organization (which is a hibernate entity):

    @PreAuthorize("isAuthenticated() and hasPermission(#organization.getId(), 'organization', 'edit')")
    public long protectedMethodSerializableEdtion(Organization organization)
    {
        return organization.getId();
    }
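
The two `hasPermission` forms in the answer above correspond to the two methods of Spring Security's `PermissionEvaluator` interface. The following is an added example, not code from the original post: `OrganizationAccess` and `canEdit` are hypothetical names, and `Organization` is assumed to sit in the same package with a `getId()` that returns `long` or `Long`.

```java
import java.io.Serializable;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;

// Added illustration: only PermissionEvaluator and Authentication are Spring API.
public class OrganizationPermissionEvaluator implements PermissionEvaluator {

    /** Hypothetical lookup: may this user edit the organization with this id? */
    public interface OrganizationAccess {
        boolean canEdit(String username, long organizationId);
    }

    private final OrganizationAccess access;

    public OrganizationPermissionEvaluator(OrganizationAccess access) {
        this.access = access;
    }

    // Backs hasPermission(#organization, 'edit'): receives the loaded entity.
    @Override
    public boolean hasPermission(Authentication auth, Object target, Object permission) {
        if (!(target instanceof Organization)) {
            return false; // null argument or unexpected type: deny
        }
        Long id = ((Organization) target).getId(); // null for an unsaved entity
        return hasPermission(auth, id, "organization", permission);
    }

    // Backs hasPermission(#organization.getId(), 'organization', 'edit'):
    // receives only the identifier and a type name, no entity instance.
    @Override
    public boolean hasPermission(Authentication auth, Serializable targetId,
                                 String targetType, Object permission) {
        if (auth == null || !auth.isAuthenticated()) {
            return false;
        }
        if (!"organization".equals(targetType) || !(targetId instanceof Long)) {
            return false; // unknown type name or missing id: deny
        }
        if (!"edit".equals(permission)) {
            return false; // only the permission used on this page is handled
        }
        return access.canEdit(auth.getName(), (Long) targetId);
    }
}
```

Register the evaluator with `DefaultMethodSecurityExpressionHandler.setPermissionEvaluator(...)`; if none is registered, Spring Security falls back to `DenyAllPermissionEvaluator` and every `hasPermission` expression evaluates to false.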
    
