spring-security writing a custom PermissionEvaluat

2019-04-09 19:07发布

I'm working with Spring-Security and I need to implement my own PermissionEvaluator (following the answer to my other question.

However looking at the standard implementation AclPermissionEvaluator here I notice, that the DAO is set via the constructor.

If I declare my custom PermissionEvaluator like this:

<global-method-security secured-annotations="enabled" pre-post-annotations="enabled">
    <expression-handler ref="expressionHandler"/>
</global-method-security>

<beans:bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
    <beans:property name="permissionEvaluator">
        <beans:bean id="permissionEvaluator" class="com.npacemo.permissions.SomePermissionsEvaluator"/>
    </beans:property>
</beans:bean>

where do I get my DAO into the Evaluator so that I can access data? Can I inject it, meaning is the PermissionEvaluator Spring managed? Or how do I get my dataProvider into the Evaluator?

1条回答
Evening l夕情丶
2楼-- · 2019-04-09 19:12

Just figured it out: The PermissionEvaluator is Spring managed, so

@Inject 
private PermissionManager permissionManager;

will work just fine.


edit: For our project we'll implement our own PermissionResolver probably extending the standard Implementation:

public class OurPermissionEvaluator extends AclPermissionEvaluator{


    public CombinedPermissionEvaluator(AclService aclService) {
        super(aclService);
    }

and injecting a custom ACLService (following this tutorial)

public class OurAclServiceImpl implements AclService {

where we retrieve ACL information from our custom database structure.

To wire it all we'll follow the spring-security contacts example:

<b:bean id="permissionEvaluator" class="path.to.OurPermissionEvaluator">
    <b:constructor-arg ref="aclService"/>
</b:bean>

where aclService has to be declared thus:

  <bean id="aclService" class="path.to.OurAclServiceImpl">
     <constructor args here... >
  </bean>
查看更多
登录 后发表回答