问题
My principle is an instance of 'foo' that has a collection of 'bars'. Each 'bar' has an id that I want to match with the 'id' passed as the resource requested. Can I do something like the following in Spring SpEL? And if so, how?
Example (psuedo syntax; cause I don't know the correct way which is why I am here)
@PreAuthorize("principal.transactions.contains(instance where dto.transactionId == instance.id")")
public SomeResponse processTransaction(RequestDto dto) {
...
}
Essentially the equivalent of this
for(Transaction t : principal.transactions){
if(t.getId() == dto.getTransactionId())
return true;
}
return false;
回答1:
I am not sure that it is possible to do in plain SpEL. But you can try a workaround:
@PreAuthorize("principal.hasTransactionId(#dto.transactionId)")
Then you need to add hasTransactionId(Integer transactionId) method to your principal. This method must return a boolean value.
来源:https://stackoverflow.com/questions/14406090/how-to-authenticate-against-a-collection-of-domain-objects-in-spring-expression