There is an Spring security-related problem (dynamic authorization)

as a general practice, permissions have been assigned to the corresponding method in the controller layer, for example:

PreAuthorize
Secured
RolesAllowed

however, this way to change the code when adjusting permissions, the most annoying, while writing code, but also thinking about what appropriate permissions should be given.

in this way, it is expected that after the encoder completes the interface, after the program starts, the corresponding role of the URL/ or controller layer method is queried from DB, and then the permissions related to Spring Security are directly called to scan (such as the initial processing of the above notes), and then the permissions are loaded. You can verify the user role later.

then the question arises: how to find initialization methods for PreAuthorize , Secured , RolesAllowed annotations, and do these methods provide public interfaces for programs to call?

I would appreciate it if someone could give me some advice.

Spring

Feb.27,2021

here the security framework is used in springboot.

the specific process is as follows:

class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomAuthenticationProvider authProvider
   

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // 
        auth.authenticationProvider(authProvider)
    }
}

@Component
class CustomAuthenticationProvider implements AuthenticationProvider {

  
    @Override
    Authentication authenticate(Authentication authentication) throws AuthenticationException {
       
       // ...
       
       //  token  SimpleGrantedAuthority
       List list = new ArrayList();
       list.put(new SimpleGrantedAuthority("Expert"))
       return new UsernamePasswordAuthenticationToken(session, token,list )
   

    }
}

//  Expert  SimpleGrantedAuthority  role
@PostMapping("/add")
@PreAuthorize("hasAuthority('Expert')")
Response<?> release(@RequestBody Request req) {
   //....
}

temporarily traverses the interface ID, that matches the in-memory RequestMapper path > custom annotations through AntPathMatcher, and then finds the corresponding roles in DB to intersect with the user's roles to achieve the function.
if the amount of data is large, you may have to go to the AOP/ControllerAdvise intercept Controller layer, and then read custom annotations to query roles and compare with users.

Previous: Is AmazeUI not updated?

Next: Scale3d only magnifies the length and width of the element. how can the problems within the element become larger proportionally rather than stretch and deform?

Springboot @ RequestBody cannot get the content-type= "application/json" request data
now I want to get a content-type=application json callback data. Oddly enough, I can t get the data using @ RequestBody, as shown in the following code: @Data public class BaiduDocNofityResponse { private String messageId; private String messa...

Spring springboot

Feb.26,2021
Why did you get the RequestAttributes? of the last request in FrameworkServlet.processRequest ()?
Why should first get the LocaleContext and RequestAttributes, of the last request saved in the processRequest method of FrameworkServlet in springmvc and finally restore LocaleContext and RequestAttributes in finally ? What s the point of doing this? ...

Source-code source-code-analysis spring spring-mvc

Feb.26,2021
After Maven has set SpringBoot Profile, the @ Value ("${xx}") value cannot be accessed. How to solve this problem?
Caused by: java.lang.IllegalArgumentException: Could not resolve placeholder alipay.app_id in value "${alipay.app_id}" Project structure I wrote it in application.properties before it was not configured. I can get the value by using...

Maven profile springboot spring

Feb.26,2021
The maven project uses jetty to run the error message.
the error report is as follows: [ERROR] Failed to execute goal org.mortbay.jetty:jetty-maven-plugin:8.1.16.v20140903:run (default-cli) on project tccglxt4j: Failure: Address already in use: bind-> [Help 1] [ERROR] [ERROR] To see the full stack trace ...

Spring jetty maven

Feb.26,2021
Why did spring fail to automatically match fields?
Why did spring fail to automatically match fields? Wechat s front end reads as follows: Java: ...

Webapi spring-mvc spring java

Feb.26,2021
How does shiro capture non-login status?
use springboot + shiro for permission control, and access will be redirected to login.jsp when you are not logged in. If the front and back ends are separated and nginx is used as a proxy, cross-domain problems will occur. : ...

Springboot shiro java

Feb.26,2021
Mybatis .xml files in spring-boot can only be placed under resources/mapper/?
the .xml file of mybatis in spring-boot can only be placed under resources mappper, like this: put together with the interface, not uniformly placed under the resources mapper, separate, easy to manage. thanks! ...

Mybatis springboot

Feb.26,2021
How does spring security do login authentication in the case of federated primary keys?
for example, it takes two fields to uniquely determine the login person, but the verification method loadUserByUsername has only one parameter of userName, so it is impossible to pass two parameters. How can login verification be realized? ...

Spring-security

Feb.26,2021
What is the use of SCOPED_TARGET_NAME_PREFIX in AbstractHandlerMethodMapping?
excuse me: String SCOPED_TARGET_NAME_PREFIX = "scopedTarget. "; under what circumstances will this prefix be used? public abstract class AbstractHandlerMethodMapping<T> extends AbstractHandlerMapping implements InitializingBean { ** ...

Source-code-analysis source-code spring-mvc spring

Feb.26,2021
Vue axios spring boot cross-domain access reported error 302 multiple submission requests
Front-end proxy server interface controlleraxios postaxiosgetoption tried to implement the filter interface in the background, but it didn t work. Later, I deleted it. Anyway, I have tried many methods that can be found on the Internet . ...

Spring java

Feb.27,2021
Annotation invalidation of dao interface using mybatis @ CacheNamespace cache
use mybatis to configure custom secondary cache. Using xml annotation can use < cache type= "com.test.dao.MybatisRedisCache " > to successfully use custom cache, but using @ CacheNamespace (implementation = MybatisRedisCache.class) on the dao i...

Java spring mybatis redis mysql

Feb.27,2021
Springboot docker deployment startup issu
the image of centos7 starting springboot always indicates that the port is occupied, but I m pretty sure that the port is not occupied, and the other port is still occupied which god knows what s going on ...

Docker springboot

Feb.27,2021
The .log file could not be found
Import project prompt error: log4j:ERROR setFile (null,true) call failed. java.io.FileNotFoundException: d:classnet.log (the system cannot find the specified path.) ask for the guidance of the gods! ^ _ ^ ...

Struts spring eclipse javascript java

Feb.27,2021
How does spring security loginPage become dynamic?
by default loginPage is login No matter what url path you enter, it will automatically jump to the login page for example, typing: localhost:9090 login 123 in the URL column of the browser will automatically jump to localhost:9090 login, becau...

Java spring spring-security

Feb.28,2021
How to use mongodb for ifelse Operation in spring boot
data stores a field type (as an enumeration). When querying, it needs to be processed separately by using ifelse or switch, for example, 1 is converted to normal. I ve implemented it with the MongoDB statement, but how do I handle it in the springboot ...

Java mongodb spring

Feb.28,2021
The Gradle build command builds on a SpringCloud project, and when executed to a subproject, prompts that the package does not exist
the whole project is based on spring cloud . build.gradle configuration of the parent project: group com.xxx.yyy version 0.1.0 buildscript { ext { springBootVersion = 1.5.10.RELEASE } repositories { mavenCe...

Gradle springcloud java

Feb.28,2021
Spring mvc
spring mvc uses the @ PostMapping,url path similar to this: xxx yyy {uid} runs using the jetty container. when postman simulates a request, the path must be xxx yyy {uid} ? uid=11111 to get the request; but using tomcat only needs xxx yyy 11...

Java spring

Feb.28,2021
How to solve the problem of failure when swagger2 (vVRV 2.7) uses fastjson (VRV 1.2.40) to convert messages?
when you visit http: localhost:8080 swagger-ui.html in generating api using swagger2, the page displays: fetching resource list: http: localhost:8080 v2 api-docs; Please wait. returns an empty json string {} when accessing http: localhost:808...

Spring-mvc swagger fastjson

Feb.28,2021
How does Spring Boot load static resources?
how does SpringBoot access the page? I returned the string "login " at controller. It didn t access the login.html page. Do I need to add thymeleaf dependencies? ...

Springboot java

Feb.28,2021
When developing a spring project, the front and back ends need to return different data, how to deal with it
I am a java rookie, ask some rookie questions? use spring-boot to develop projects, spring-data-jpa to access databases, there are many fields in the database, but only some of them are used by the client, while the data needed by the background is ...

Springboot java

Feb.28,2021