{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 手持菜刀,她持情操 的问题《Order of Spring @Transactional and Spring Security》','https://www.manongdao.com/q-1189884.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
So I have something like the following:
public interface MyService {
@PreAuthorize("hasPermission(T(Name).OBJ, T(Action).GET)")
MyObj getObj(String id);
}
@Service
public class MyServiceImpl implements MyService {
@Override
@Transactional
public MyObj getObj(String id){
return dao.get(id);
}
}
@Controller
public class MyController {
@Resource(name="myServiceImpl")
private MyService service;
public MyObj getObj(String id){
return service.getObj(id);
}
}
When the method getObj(id) is called, everything is wrapped in a transaction first, then authorization is checked. Is is possible to keep this configuration and first get Spring to check for authorization, then create the transaction if the user is authorized?
I've spent a good deal searching for an answer and could not find anything.
You can use
orderattribute when configuring@Transactional:Experiment with lower values to move transaction aspect after the authorization one. Looks like
<security:global-method-security/>also has this setting. The security aspect needs to have a higher value (lower priority) to be executed first.See also
Table 10.2. settings
7.2.4.7 Advice ordering