spring - 如何添加新角色?
问题描述
我有一个具有管理员和用户角色的用户,现在我需要添加 ROLE_SUPPORT 并将此角色限制为仅读取用户列表,我该怎么做?
public class UserController {
@Autowired
UserService userService;
@RequestMapping(value = "getAll", method = RequestMethod.POST)
public List<User> getUsers() throws IOException {
return userService.getUsers();
}
@PostMapping("save")
@ResponseStatus(HttpStatus.OK)
public void save(@RequestBody User user) {
userService.save(user);
}
@RequestMapping(value = "delete", method = RequestMethod.POST)
public void delete(@RequestBody User user) {
userService.delete(user);
}
@RequestMapping(value = "getUser", method = RequestMethod.POST, produces = "application/json;charset=UTF-8")
@ResponseBody
public User getUser(@RequestBody RequestDto requestDto) throws IOException {
return userService.getUser(requestDto.getId());
}
我想应该向这个控制器添加一个新方法,但我可能是错的
public class User extends BaseEntity<Integer> {
public enum Roles {
ADMIN
}
private String firstName;
private String lastName;
@Column(name = "username")
private String username;
@Convert(converter = PurshasedProductConverter.class)
private List<PurshasedProduct> purshasedProducts;
private String email;
private String activationCode;
@Convert(converter = AttachmentConverter.class)
private Attachment userAvatar;
public Attachment getUserAvatar() {
return userAvatar;
}
public void setUserAvatar(Attachment userAvatar) {
this.userAvatar = userAvatar;
}
@JsonProperty(access = Access.WRITE_ONLY)
private String password;
@JsonProperty(access = Access.WRITE_ONLY)
private String temporaryPassword;
@Convert(converter = StringArrayConverter.class)
private String[] roles;
private Date lastPasswordReset;
private Date dateCreated;
private Date dateUpdated;
private Date validatyTime;
private Boolean active;
public User() {
lastPasswordReset = dateCreated = dateUpdated = new Date();
roles = new String[]{"USER"};
}
也就是说,当使用支持角色请求时,应返回用户列表。
解决方案
Spring-Security 通过添加 @PreAuthorize 注释来提供这种支持
@RequestMapping(value = "getAll", method = RequestMethod.GET)
**@PreAuthorize("hasRole('ROLE_SUPPORT')")**
public List<User> getUsers() throws IOException {
return userService.getUsers();
}
推荐阅读
- c++ - 有趣的 C++ 依赖注入方案
- javascript - 在 Web Audio 中,为什么 contextTime 比 baseLatency 滞后 currentTime?
- oop - 实际类型随叫随到
- python - `setCalculateVarImportance` 更改导致 `cv2.ml.RTrees` 模型
- javascript - 我想在其子项处于活动状态时使父导航链接侧边栏处于活动状态(当前页面)
- sql - 使用联合联接查询需要 Oracle 联合澄清
- ng-zorro-antd - 有没有办法在反应形式中使用 nz-checkbox 或 nz-checkbox-group 或 nz-checkbox-wrapper
- php - 获取有关在 PHP LDAP 服务器上执行的任何更新的通知
- angular - 使用 Flex-Layout 的选定扩展面板的最大高度
- c - 这是对 realloc() 的正确使用吗?