问题
Is there a way to check my class object permissions directly from my code instead of having the annotation model,
@PostAuthorize("hasPermission(returnObject, 'WRITE')")
public BaseData getSingle(Long id);
回答1:
Assuming you're intending to use the ACL module, the expression is implemented in AclPermissionEvaluator. So you can wire up an instance of that with an AclService, inject it into the classes that need it and call the hasPermission method directly.
回答2:
At-last after several tries i could achieve to get the solution, following is the code
acl-conf.xml
...
<bean class="org.springframework.security.acls.AclPermissionEvaluator" id="permissionEvaluator">
<constructor-arg ref="aclService"/>
</bean>
...
samplecontroller.java
@Autowired
private PermissionEvaluator permissionEvaluator ;
Permission permission = BasePermission.WRITE;
permissionEvaluator.hasPermission(authentication,aclObject,permission);
....
Hope this is helpful.
来源:https://stackoverflow.com/questions/10866458/how-do-i-check-my-object-permissions-in-spring-security-acl-instead-of-using-has