In order to create a new custom expression, you need to create a custom implementation of MethodSecurityExpressionOperations
and add a new operation to it.
(为了创建新的自定义表达式,您需要创建MethodSecurityExpressionOperations
的自定义实现,并向其添加新的操作。)
Note that you can extend SecurityExpressionRoot
to support default expressions: (请注意,您可以扩展SecurityExpressionRoot
以支持默认表达式:)
public class CustomMethodSecurityExpressionRoot
extends SecurityExpressionRoot implements MethodSecurityExpressionOperations {
private Object filterObject;
private Object returnObject;
private Object target;
CustomMethodSecurityExpressionRoot(Authentication a) {
super(a);
}
@Override
public void setFilterObject(Object filterObject) {
this.filterObject = filterObject;
}
@Override
public Object getFilterObject() {
return filterObject;
}
@Override
public void setReturnObject(Object returnObject) {
this.returnObject = returnObject;
}
@Override
public Object getReturnObject() {
return returnObject;
}
void setThis(Object target) {
this.target = target;
}
@Override
public Object getThis() {
return target;
}
/**
* Custom 'isAdmin()' expression
*/
public boolean isAdmin() {
// TODO: Add implement
return true;
}
}
Next, you need extend DefaultMethodSecurityExpressionHandler
and make it to use CustomMethodSecurityExpressionRoot
:
(接下来,您需要扩展DefaultMethodSecurityExpressionHandler
并使其使用CustomMethodSecurityExpressionRoot
:)
public class CustomMethodSecurityExpressionHandler extends DefaultMethodSecurityExpressionHandler {
@Override
protected MethodSecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, MethodInvocation invocation) {
CustomMethodSecurityExpressionRoot root = new CustomMethodSecurityExpressionRoot(authentication);
root.setPermissionEvaluator(getPermissionEvaluator());
root.setTrustResolver(new AuthenticationTrustResolverImpl());
root.setRoleHierarchy(getRoleHierarchy());
return root;
}
}
Finally, you should use CustomMethodSecurityExpressionHandler
in the configuration:
(最后,您应该在配置中使用CustomMethodSecurityExpressionHandler
:)
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
return new CustomMethodSecurityExpressionHandler();
}
}
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…