Spring Expression Language and Spring Security 3: accessing bean reference in @PreAuthorize

鱼传尺愫 2020-12-16 03:12

I'm trying to access a bean reference in a @PreAuthorize annotation as follows:

@PreAuthorize("@testBean.getTestValue()")
public String testSpEL() {
    .         


        
3 Answers
  • 2020-12-16 03:56

    For anyone stuck on Spring Security 3.0.x I have a somewhat simple workaround. Add this class in your application-securityContext.xml (or whatever):

    https://gist.github.com/3340059

    It injects a BeanFactoryResolver into the Spring Security code, which is all the Spring Security 3.1.x fix has. Support for the syntax is already in 3.0.x. It allows you to use the syntax from 3.1.x, à la:

    @PreAuthorize("@controller.theProperty")

  • 2020-12-16 04:02

    I have posted a similar question at SpringSource; it turns out that indeed the above feature is not yet supported in Spring Security 3.0.5. Luckily version 3.1.0.RC1 does support it, though with non-standard SpEL syntax:

    @PreAuthorize("testBean.getTestValue()")
    public String testSpEL() {
        ....
    }
    

    Here is the url of the thread at SpringSource forum: SpringSource forum thread

    Hope this helps someone!

  • 2020-12-16 04:04

    In Spring Security 3.1 (since 3.1.RC2)

    @PreAuthorize("testBean.getTestValue()") 
    

    doesn't work - instead you must write

    @PreAuthorize("@testBean.getTestValue()")
    

    See https://jira.springsource.org/browse/SEC-1723

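The mechanism the answers above depend on, as an added example that is not part of the original thread or of Spring Security's own code: SpEL resolves an `@name` bean reference only when the evaluation context carries a `BeanResolver`, which is what the `BeanFactoryResolver` workaround supplies, while a bare `name` is looked up as a property of the root object. The `TestBean` class and the bean factory setup are constructed for illustration; spring-expression, spring-beans and spring-context are assumed to be on the classpath.

```java
import org.springframework.beans.factory.support.DefaultListableBeanFactory;
import org.springframework.context.expression.BeanFactoryResolver;
import org.springframework.expression.ExpressionParser;
import org.springframework.expression.spel.SpelEvaluationException;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;

public class BeanReferenceDemo {

    // Stand-in for the question's testBean (constructed for this example).
    public static class TestBean {
        public boolean getTestValue() { return true; }
    }

    // Evaluate the expression as a boolean, the type an authorization
    // expression must produce; report an evaluation failure as text.
    static String evaluate(String expression, StandardEvaluationContext ctx) {
        ExpressionParser parser = new SpelExpressionParser();
        try {
            Boolean result = parser.parseExpression(expression).getValue(ctx, Boolean.class);
            return String.valueOf(result);
        } catch (SpelEvaluationException e) {
            // No value is produced, so no access decision can be derived from it.
            return "evaluation failed: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        DefaultListableBeanFactory beanFactory = new DefaultListableBeanFactory();
        beanFactory.registerSingleton("testBean", new TestBean());

        // Context with no BeanResolver: '@testBean' cannot be looked up.
        StandardEvaluationContext plain = new StandardEvaluationContext();

        // Context with a BeanFactoryResolver: '@testBean' resolves from the factory.
        StandardEvaluationContext withResolver = new StandardEvaluationContext();
        withResolver.setBeanResolver(new BeanFactoryResolver(beanFactory));

        String[] expressions = { "@testBean.getTestValue()", "testBean.getTestValue()" };
        for (String expr : expressions) {
            System.out.println(expr + " | no resolver   -> " + evaluate(expr, plain));
            System.out.println(expr + " | with resolver -> " + evaluate(expr, withResolver));
        }
    }
}
```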