Creating New Roles and Permissions Dynamically in Spring Security 3

前端未结

关注

 5  1727

温柔的废话 2020-12-07 11:15

I am using Spring Security 3 in Struts 2 + Spring IOC project.

I have used Custom Filter, Authentication Provider etc. in my Project.

You can see my securi

5条回答

庸人自扰 (楼主)

2020-12-07 11:52
I would like to supplement Ralph's response about creating custom SpEL expression. His explanations helped very much on my attempt to find the right way to do this, but i think that they need to be extended.

Here is a way on how to create custom SpEL expression:

1) Create custom subclass of WebSecurityExpressionRoot class. In this subclass create a new method which you will use in expression. For example:
```
public class CustomWebSecurityExpressionRoot extends WebSecurityExpressionRoot {

    public CustomWebSecurityExpressionRoot(Authentication a, FilterInvocation fi) {
        super(a, fi);
    }

    public boolean yourCustomMethod() {
        boolean calculatedValue = ...;

        return calculatedValue;

    }
}
```
2) Create custom subclass of DefaultWebSecurityExpressionHandler class and override method createSecurityExpressionRoot(Authentication authentication, FilterInvocation fi) (not createEvaluationContext(...)) in it to return your CustomWebSecurityExpressionRoot instance. For example:
```
@Component(value="customExpressionHandler")
public class CustomWebSecurityExpressionHandler extends DefaultWebSecurityExpressionHandler {

    @Override
    protected SecurityExpressionRoot createSecurityExpressionRoot(
            Authentication authentication, FilterInvocation fi) {

        WebSecurityExpressionRoot expressionRoot = new CustomWebSecurityExpressionRoot(authentication, fi);

        return expressionRoot;
}}
```
3) Define in your spring-security.xml the reference to your expression handler bean
```
    ...

    
```
After this, you can use your own custom expression instead of the standard one:
0 讨论(0)

查看其它5个回答
发布评论:

提交评论
- 加载中...