自定义的 AuthorizationManager<MethodInvocation> 不会触发 `check` 方法。

huangapple go评论66阅读模式
英文:

Custom AuthorizationManager<MethodInvocation> does not trigger the `check` method

问题

根据 这个 Spring Security 文档,我添加了一个自定义的 AuthorizationManager&lt;MethodInvocation&gt;

在这个 bean 被触发时:

@Bean
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
public Advisor customAuthorize() {
    JdkRegexpMethodPointcut pattern = new JdkRegexpMethodPointcut();
    pattern.setPattern("xxx.*");

    AuthorizationManager&lt;MethodInvocation&gt; rule = new CustomAuthorizationManager();
    AuthorizationManagerBeforeMethodInterceptor interceptor = new AuthorizationManagerBeforeMethodInterceptor(pattern, rule);
    interceptor.setOrder(AuthorizationInterceptorsOrder.PRE_AUTHORIZE.getOrder() - 1);
    return interceptor;
}

下面的 check 方法根本不触发 UnsupportedOperationException

public class CustomAuthorizationManager implements AuthorizationManager&lt;MethodInvocation&gt; {
    @Override
    public AuthorizationDecision check(Supplier&lt;Authentication&gt; authentication, MethodInvocation object) {
        throw new UnsupportedOperationException("未实现的方法 &#39;check&#39;");
    }
}

您有什么建议,我在这里漏掉了什么吗?

英文:

According to
this documentation of spring security I added a custom AuthorizationManager&lt;MethodInvocation&gt;

While the bean got triggered

@Bean
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
public Advisor customAuthorize() {
	JdkRegexpMethodPointcut pattern = new JdkRegexpMethodPointcut();
	pattern.setPattern(&quot;xxx.*&quot;);

	AuthorizationManager&lt;MethodInvocation&gt; rule = new CustomAuthorizationManager();
	AuthorizationManagerBeforeMethodInterceptor interceptor = new AuthorizationManagerBeforeMethodInterceptor(pattern, rule);
	interceptor.setOrder(AuthorizationInterceptorsOrder.PRE_AUTHORIZE.getOrder() - 1);
	return interceptor;
}

Below check method does not trigger the UnsupportedOperationException at all.

public class CustomAuthorizationManager implements AuthorizationManager&lt;MethodInvocation&gt; {
    @Override
    public AuthorizationDecision check(Supplier&lt;Authentication&gt; authentication, MethodInvocation object) {
        throw new UnsupportedOperationException(&quot;Unimplemented method &#39;check&#39;&quot;);
    }
}

Any advice what I am missing here?

答案1

得分: 0

这是由于JdkRegexpMethodPointcut表达式造成的。它没有匹配到Controllers命名空间。在我的情况下,我不得不将它设置为以下内容:

pattern.setPattern("de.domain.subdomain.Controller.*");
英文:

Its because of the JdkRegexpMethodPointcut expression. This did not match the Controllers namespace. In my case I had to set it the following

pattern.setPattern(&quot;de.domain.subdomain.Controller.*&quot;);

huangapple
  • 本文由 发表于 2023年3月7日 23:23:17
  • 转载请务必保留本文链接:https://go.coder-hub.com/75663884.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定