Autowired在CustomMethodSecurityExpressionRoot中不工作,始终返回NULL。这是自定义方法安全性。
public class CustomMethodSecurityExpressionRoot extends SecurityExpressionRoot implements MethodSecurityExpressionOperations {
Logger logger = LoggerFactory.getLogger(this.getClass());
private Object filterObject;
private Object returnObject;
@Autowired GraphTraversalSource g;
public CustomMethodSecurityExpressionRoot(Authentication authentication) {
super(authentication);
}
public boolean isMember(String orgId) {
System.out.println(g);
String user = this.authentication.getName();
logger.debug("Check the permission for the user {}", user);
System.out.println(g);
return true;
}
@Override
public void setFilterObject(Object obj) {
this.filterObject = obj;
}
@Override
public Object getFilterObject() {
return this.filterObject;
}
@Override
public void setReturnObject(Object obj) {
this.returnObject = obj;
}
@Override
public Object getReturnObject() {
return this.returnObject;
}
@Override
public Object getThis() {
return this;
}
}
也尝试了以下
public void setG(GraphTraversalSource g) {
this.g = g;
}
为什么它在g中总是以NULL返回。在其他地方的控制器/服务中,我得到了预期值Traversalsource[emptygraph[empty], standard]。
发现问题。g没有访问应用程序上下文的权限。我们需要在CustomMethodSecurityExpressionRoot实例中设置g才能使用它。
public class AuctionMethodSecurityExpressionHandler extends DefaultMethodSecurityExpressionHandler {
private ApplicationContext applicationContext;
private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
@Override
protected MethodSecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
MethodInvocation invocation) {
AuctionMethodSecurityExpressionRoot root = new AuctionMethodSecurityExpressionRoot(authentication);
root.setPermissionEvaluator(getPermissionEvaluator());
root.setTrustResolver(this.trustResolver);
root.setRoleHierarchy(getRoleHierarchy());
root.setG(this.applicationContext.getBean(GraphTraversalSource.class));
return root;
}
@Override
public void setApplicationContext(ApplicationContext applicationContext) {
super.setApplicationContext(applicationContext);
this.applicationContext=applicationContext;
}
}
和
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
Logger logger = LoggerFactory.getLogger(this.getClass());
@Autowired
private ApplicationContext applicationContext;
@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
CustomMethodSecurityExpressionHandler expressionHandler = new CustomMethodSecurityExpressionHandler();
expressionHandler.setPermissionEvaluator(new CustomPermissionEvaluator());
expressionHandler.setApplicationContext(applicationContext);
logger.debug("Method security expression handler configured to CustomMethodSecurityExpressionHandler");
return expressionHandler;
}
}