gpt4 book ai didi

java - Spring 安全 : @PreAuthorize works only together with @RequestMapping

转载 作者:行者123 更新时间:2023-11-30 07:57:54 24 4
gpt4 key购买 nike

我有一个 Spring MVC Controller ,想用 Spring Method Security 来保护它。

在下面的示例中有效 - @RequestMapping@PreAuthorize注释相同的方法:

@Controller
public class MyController {

@RequestMapping(value = "/test", method = {RequestMethod.POST, RequestMethod.GET})
@PreAuthorize("isAuthenticated()")
public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
return test(request, response);
}

public ModelAndView test(HttpServletRequest request, HttpServletResponse response) throws Exception {
...
}

在这个例子中它不起作用 - @RequestMapping@PreAuthorize注释不同的方法:

@Controller
public class MyController {

@RequestMapping(value = "/test", method = {RequestMethod.POST, RequestMethod.GET})
public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
return test(request, response);
}

@PreAuthorize("isAuthenticated()")
public ModelAndView test(HttpServletRequest request, HttpServletResponse response) throws Exception {
...
}


这种奇怪行为的原因可能是什么?

最佳答案

在第二个示例中,test 方法直接从 handleRequest 方法调用。 Spring 没有机制来拦截来自同一个类中的方法调用。因此,永远不会调用 @PreAutorize 的代理/AOP 方法启动。

More on the topic of Spring Proxy

关于java - Spring 安全 : @PreAuthorize works only together with @RequestMapping,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/40847301/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com