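I have a custom permission class as shown below, and I use @PreAuthorize to implement method security. It works fine, but I need to add custom response headers based on some business logic in this class. If anyone can offer some help in this area, it would be a great help.
On the controller:
@PreAuthorize("hasPermission('APP','GENERIC','VIEW')")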
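import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
    // Registers the custom evaluator so hasPermission(...) expressions are routed to it.
    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        DefaultMethodSecurityExpressionHandler expressionHandler =
                new DefaultMethodSecurityExpressionHandler();
        expressionHandler.setPermissionEvaluator(new CustomPermissionEvaluator());
        return expressionHandler;
    }
}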
import java.io.Serializable;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.util.StringUtils; // assumed: the post does not say which StringUtils is used

public class CustomPermissionEvaluator implements PermissionEvaluator {
    boolean dev = true;

    public CustomPermissionEvaluator() {
    }

    public void init() {
    }

    // Called for hasPermission(targetDomainObject, permission).
    @Override
    public boolean hasPermission(
            Authentication auth, Object targetDomainObject, Object permission) {
        System.out.println("CustomPermissionEvaluator.hasPermission()-X");
        if ((auth == null) || (targetDomainObject == null) || !(permission instanceof String)) {
            return false;
        }
        String targetType = targetDomainObject.getClass().getSimpleName().toUpperCase();
        return hasPrivilege(auth, "X", targetType, permission.toString().toUpperCase());
    }

    // Called for hasPermission('APP','GENERIC','VIEW'): category, module, permission.
    @Override
    public boolean hasPermission(
            Authentication auth, Serializable category, String module, Object permission) {
        String cat = (String) category;
        System.out.println("CustomPermissionEvaluator.hasPermission()-Y " + module);
        if ((auth == null) || StringUtils.isEmpty(module) || !(permission instanceof String)) {
            return false;
        }
        return hasPrivilege(auth, cat, module.toUpperCase(), permission.toString().toUpperCase());
    }

    // hasPrivilege(auth, category, module, permission) is not shown in the post.
}
This may help someone in the near future; I was able to implement it this way.
HttpServletResponse resp = ((ServletRequestAttributes)RequestContextHolder.getRequestAttributes()).getResponse();
resp.setHeader("TEST", "TEST");
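The approach above, written out as an added example (not code from the original post) that also covers the case where no servlet request is bound to the thread or the response is already committed. It assumes the javax.servlet API used with GlobalMethodSecurityConfiguration; the class name, the header name X-Permission-Check, its values and the body of hasPrivilege are hypothetical.

```java
import java.io.Serializable;

import javax.servlet.http.HttpServletResponse;

import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

public class HeaderSettingPermissionEvaluator implements PermissionEvaluator {

    // Hypothetical header name, chosen for this example.
    private static final String HEADER = "X-Permission-Check";

    @Override
    public boolean hasPermission(Authentication auth, Object targetDomainObject, Object permission) {
        return false; // deny by default; this example only covers the category/module overload
    }

    @Override
    public boolean hasPermission(Authentication auth, Serializable category, String module, Object permission) {
        boolean granted = auth != null && category instanceof String && module != null
                && permission instanceof String
                && hasPrivilege(auth, (String) category, module.toUpperCase(), ((String) permission).toUpperCase());
        // Fixed values only: never copy request or user data into a header.
        setHeaderIfPossible(HEADER, granted ? "granted" : "denied");
        return granted;
    }

    private void setHeaderIfPossible(String name, String value) {
        RequestAttributes attrs = RequestContextHolder.getRequestAttributes();
        if (!(attrs instanceof ServletRequestAttributes)) {
            return; // not on a request thread (scheduled job, async task, unit test)
        }
        HttpServletResponse resp = ((ServletRequestAttributes) attrs).getResponse();
        if (resp != null && !resp.isCommitted()) {
            resp.setHeader(name, value);
        }
    }

    // Placeholder business rule; the original hasPrivilege is not shown on the page.
    private boolean hasPrivilege(Authentication auth, String category, String module, String permission) {
        return auth.getAuthorities().stream()
                .anyMatch(a -> a.getAuthority().equals(category + "_" + module + "_" + permission));
    }
}
```

The authorization decision never depends on whether the header could be written, so a missing request context cannot turn into a NullPointerException or change the outcome of the check.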