I have the following interface method on which I am applying @PreAuthorize:
@PreAuthorize("doSomething(#user.id)")
void something(User user,
You can check with the debugger what's going on in MethodSecurityEvaluationContext, inside the Object lookupVariable(String name) method:
    @Override
    public Object lookupVariable(String name) {
        Object variable = super.lookupVariable(name);
        if (variable != null) {
            return variable;
        }
        if (!argumentsAdded) {
            addArgumentsAsVariables();
            argumentsAdded = true;
        }
and so you can see what's really going on in the addArgumentsAsVariables() method, as the conversion of method arguments to SpEL variables is implemented very clearly in Spring.
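A simplified, self-contained model of the lazy lookup shown above, added here as an illustration and not part of the original answer or of Spring's code. The class `LazyArgumentContext`, the `UserService` interface and the sample values are hypothetical, and plain reflection stands in for Spring's parameter-name discovery. In this model `#user` is bound only when the parameter name was recorded at compile time (`javac -parameters`).

```java
import java.lang.reflect.Method;
import java.lang.reflect.Parameter;
import java.util.HashMap;
import java.util.Map;

// Simplified model of lazy argument-to-variable binding (not Spring's code).
public class LazyArgumentContext {
    interface UserService {                      // hypothetical interface
        void something(String user, int count);
    }

    private final Map<String, Object> variables = new HashMap<>();
    private final Method method;
    private final Object[] args;
    private boolean argumentsAdded;

    LazyArgumentContext(Method method, Object... args) {
        this.method = method;
        this.args = args;
    }

    // Same shape as the excerpt: explicit variables first, then bind the arguments once.
    Object lookupVariable(String name) {
        Object variable = variables.get(name);
        if (variable != null) {
            return variable;
        }
        if (!argumentsAdded) {
            addArgumentsAsVariables();
            argumentsAdded = true;
        }
        return variables.get(name);              // still null if no name was bound
    }

    // Binds each argument under its parameter name, if the class file carries one.
    private void addArgumentsAsVariables() {
        Parameter[] params = method.getParameters();
        for (int i = 0; i < params.length; i++) {
            if (params[i].isNamePresent()) {     // false unless compiled with -parameters
                variables.put(params[i].getName(), args[i]);
            }
        }
    }

    public static void main(String[] unused) throws Exception {
        Method m = UserService.class.getMethod("something", String.class, int.class);
        LazyArgumentContext ctx = new LazyArgumentContext(m, "alice", 3); // constructed sample
        System.out.println("#user -> " + ctx.lookupVariable("user"));
    }
}
```

Compiling once with and once without `-parameters` and comparing the printed value reproduces what the debugger shows inside `addArgumentsAsVariables()`.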