为了能够写出表达式,而不包名:
<sec:global-method-security>
<sec:expression-handler ref="methodSecurityExpressionHandler"/>
</sec:global-method-security>
<bean id="methodSecurityExpressionHandler" class="my.example.DefaultMethodSecurityExpressionHandler"/>
然后扩展DefaultMethodSecurityExpressionHandler:
public class DefaultMethodSecurityExpressionHandler extends org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler {
@Override
public StandardEvaluationContext createEvaluationContextInternal(final Authentication auth, final MethodInvocation mi) {
StandardEvaluationContext standardEvaluationContext = super.createEvaluationContextInternal(auth, mi);
((StandardTypeLocator) standardEvaluationContext.getTypeLocator()).registerImport("my.example");
return standardEvaluationContext;
}
}
现在创建my.example.Roles.java:
public class Roles {
public static final String ROLE_UNAUTHENTICATED = "ROLE_UNAUTHENTICATED";
public static final String ROLE_AUTHENTICATED = "ROLE_AUTHENTICATED";
}
,并参考其不包名称注释:的
@PreAuthorize("hasRole(T(Roles).ROLE_AUTHENTICATED)")
代替:
@PreAuthorize("hasRole(T(my.example.Roles).ROLE_AUTHENTICATED)")
使它更具可读性恕我直言。现在还键入角色。写:
@PreAuthorize("hasRole(T(Roles).ROLE_AUTHENTICATEDDDD)")
,你会得到一个不会在那里,如果你写的启动错误:
@PreAuthorize("hasRole('ROLE_AUTHENTICATEDDDD')")
伟大的作品,谢谢! – RobEarl
@RobEarl真棒很高兴我能帮到你。我也学到了一些东西。 –
Works,但它仍然是一个解释的字符串,所以当您重构例如Eclipse时,它不会被Eclipse“看到”。我猜的名字。 – yglodt