2023年3月7日 23:23:17go评论51阅读模式

英文:

Custom AuthorizationManager<MethodInvocation> does not trigger the `check` method

问题

根据这个 Spring Security 文档，我添加了一个自定义的 AuthorizationManager<MethodInvocation>。

在这个 bean 被触发时：

@Bean
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
public Advisor customAuthorize() {
    JdkRegexpMethodPointcut pattern = new JdkRegexpMethodPointcut();
    pattern.setPattern("xxx.*");

    AuthorizationManager&lt;MethodInvocation&gt; rule = new CustomAuthorizationManager();
    AuthorizationManagerBeforeMethodInterceptor interceptor = new AuthorizationManagerBeforeMethodInterceptor(pattern, rule);
    interceptor.setOrder(AuthorizationInterceptorsOrder.PRE_AUTHORIZE.getOrder() - 1);
    return interceptor;
}

下面的 check 方法根本不触发 UnsupportedOperationException：

public class CustomAuthorizationManager implements AuthorizationManager&lt;MethodInvocation&gt; {
    @Override
    public AuthorizationDecision check(Supplier&lt;Authentication&gt; authentication, MethodInvocation object) {
        throw new UnsupportedOperationException("未实现的方法 &#39;check&#39;");
    }
}

您有什么建议，我在这里漏掉了什么吗？

英文:

According to
this documentation of spring security I added a custom AuthorizationManager<MethodInvocation>

While the bean got triggered

@Bean
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
public Advisor customAuthorize() {
	JdkRegexpMethodPointcut pattern = new JdkRegexpMethodPointcut();
	pattern.setPattern(&quot;xxx.*&quot;);

	AuthorizationManager&lt;MethodInvocation&gt; rule = new CustomAuthorizationManager();
	AuthorizationManagerBeforeMethodInterceptor interceptor = new AuthorizationManagerBeforeMethodInterceptor(pattern, rule);
	interceptor.setOrder(AuthorizationInterceptorsOrder.PRE_AUTHORIZE.getOrder() - 1);
	return interceptor;
}

Below check method does not trigger the UnsupportedOperationException at all.

public class CustomAuthorizationManager implements AuthorizationManager&lt;MethodInvocation&gt; {
    @Override
    public AuthorizationDecision check(Supplier&lt;Authentication&gt; authentication, MethodInvocation object) {
        throw new UnsupportedOperationException(&quot;Unimplemented method &#39;check&#39;&quot;);
    }
}

Any advice what I am missing here?

答案1

得分: 0

这是由于JdkRegexpMethodPointcut表达式造成的。它没有匹配到Controllers命名空间。在我的情况下，我不得不将它设置为以下内容：

pattern.setPattern("de.domain.subdomain.Controller.*");

英文:

Its because of the JdkRegexpMethodPointcut expression. This did not match the Controllers namespace. In my case I had to set it the following

pattern.setPattern(&quot;de.domain.subdomain.Controller.*&quot;);

通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库，让每个人都能够通过互相帮助和分享经验来进步。

自定义的 AuthorizationManager<MethodInvocation> 不会触发 `check` 方法。

问题

答案1

添加（自定义）解码器到WebMVC端点

如何在Spring Data JPA中跳过关联数据？

如何在Spring中使用@Conditional注解有条件地解决Bean依赖关系

如何在Spring Boot中限制`application/octet-stream`请求的主体？

What's the correct way to type hint an empty list as a literal in python?

如何在Highcharts Gantt中更改本地化的星期名称

如何在同一个流中使用多个过滤器和映射函数？

如何使用Map/Set来将代码优化到O(n)？

.NET MAUI Android在GitHub Actions上构建失败，错误代码为1。

如何在Playwright视觉比较中屏蔽多个定位器？

在C++中，可以使用可变模板参数来检索类型的内部类型。

selenium.common.exceptions.StaleElementReferenceException: Message: stale element reference: stale element not found

Creating and opening a URL to log in to Website via Basic Auth with Robot Framework/Selenium (Python)

AG Grid 在上下文菜单中以大文本形式打开

发表评论