We have migrated to SpringBoot 3.4.1 recently and post that i have added custom permissionEvaluator which work for me with value like hasPermission(null,{'ROLE_VIEW'}) .
I want to get rid of passing null and make it look like hasPermission({'ROLE_VIEW'})
Below is how my token look like :
{
"sub": "test-client",
"lastName": "Admin",
"user_name": "admin",
"roles": [
"SE_ADMIN"
],
"iss": "http://localhost:8000",
"authorities": [
"ROLE_UPDATE",
"ROLE_VIEW"
],
"exp": 1742806186,
"iat": 1742805586
}
In my controller i want to use @PreAuthorize("hasPermission({'ROLE_VIEW'})") But it is not working .
I tried extending DefaultMethodSecurityExpressionHandler and overriding createSecurityExpressionRoot method. But looks like that is not allowed in Spring Boot 3.4.1
import .springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import .springframework.security.core.Authentication;
public class CustomMethodSecurityExpressionHandler extends DefaultMethodSecurityExpressionHandler {
@Override
protected CustomSecurityExpressionRoot createSecurityExpressionRoot(Authentication authentication) {
// Create and return your custom expression root
CustomSecurityExpressionRoot root = new CustomSecurityExpressionRoot(authentication);
root.setPermissionEvaluator(getPermissionEvaluator());
root.setTrustResolver(getTrustResolver());
root.setRoleHierarchy(getRoleHierarchy());
return root;
}
}
getting error for createSecurityExpressionRoot to override
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1744214930a4563508.html
评论列表(0条)