英文:
SpringBoot @PreAuthorize with String.contains or regex in hasAuthority
问题
我正在使用Spring Boot(2.7.6),并且正在查看@PreAuthorize注解。
我想知道如何在hasAuthority方法中使用String.Contains或regex匹配来检查有效的权限。
例如,我有以下权限:
MYAPI_ORDER_PROCESSING_DEV
MYAPI_ORDER_PROCESSING_PROD
MYAPI_ORDER_TRACKING_DEV
MYAPI_ORDER_TRACKING_PROD
在某些情况下,我可能只需要MYAPI_ORDER_PROCESSING_DEV,在这种情况下,我可以使用:
@PreAuthorize("hasAuthority('MYAPI_ORDER_PROCESSING_DEV')")
在其他情况下,我可以检查任何数量的权限,如:
@PreAuthorize("hasAnyAuthority(
'MYAPI_ORDER_PROCESSING_DEV',
'MYAPI_ORDER_PROCESSING_PROD',
'MYAPI_ORDER_TRACKING_DEV',
'MYAPI_ORDER_TRACKING_PROD')")
这对我来说都很清楚和有效,但如果我有很长的权限列表,这可能会变得很长和复杂。
我想知道是否有一种方法可以使用String.contains(substring)或regex来匹配多个权限。例如,类似于:
@PreAuthorize("hasAuthority(authorityString.contains('MYAPI_ORDER_'))")
这将匹配上述的所有4个权限。
英文:
I am using Spring Boot (2.7.6) and I am looking at @PreAuthorize annotation.
I am wondering how can I use String.Contains or regex matching to check for valid authorities within hasAuthority method.
For example, I have following authorities:
MYAPI_ORDER_PROCESSING_DEV
MYAPI_ORDER_PROCESSING_PROD
MYAPI_ORDER_TRACKING_DEV
MYAPI_ORDER_TRACKING_PROD
In some cases, I might just need MYAPI_ORDER_PROCESSING_DEV in which case, I can use
@PreAuthorize("hasAuthority('MYAPI_ORDER_PROCESSING_DEV')
In other cases, I can check for any of number of authorities like:
@PreAuthorize("hasAnyAuthority(
'MYAPI_ORDER_PROCESSING_DEV',
'MYAPI_ORDER_PROCESSING_PROD',
'MYAPI_ORDER_TRACKING_DEV',
'MYAPI_ORDER_TRACKING_PROD')
This is all clear and working for me, but this might get to long and complicated if I have a long list of authorities.
I wonder if there is a way to use String.contains(substring) or regex to match multiple authorities. For example, something like:
@PreAuthorize("hasAuthority(authorityString.Contains('MYAPI_ORDER_')
, which would match all 4 authorities above.
答案1
得分: 1
你可以创建一个处理检查权限逻辑的组件:
```java
@Component
public class AuthorityHelper {
public boolean hasAuthorityContaining(Authentication authentication, String substring) {
return authentication.getAuthorities().stream()
.map(GrantedAuthority::getAuthority)
.anyMatch(i -> i.contains(substring));
}
}
由于@PreAuthorize支持SpEL表达式,可以定义如下:
@PreAuthorize("@authorityHelper.hasAuthorityContaining(authentication, 'MYAPI_ORDER_')")
authentication是与方法调用关联的内置Authentication实例,其中包含权限等其他数据。
<details>
<summary>英文:</summary>
You can create a component that handles the logic for checking authorities:
```java
@Component
public class AuthorityHelper {
public boolean hasAuthorityContaining(Authentication authentication, String substring) {
return authentication.getAuthorities().stream()
.map(GrantedAuthority::getAuthority)
.anyMatch(i -> i.contains(substring));
}
}
Since @PreAuthorize supports SpEL expressions, it can be defined as follows:
@PreAuthorize("@authorityHelper.hasAuthorityContaining(authentication, 'MYAPI_ORDER_')")
authentication is a built-in Authentication instance associated with the method invocation and it contains authorities among other data.
Reference: Spring Documentation - Expressing Authorization with SpEL
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论