PagingAndSortingRepository如何实现PostFilter?
How Do I Implement PostFilter to PagingAndSortingRepository?
我正在寻找如何对 PagingAndSortingRepository 接口实施 @PostFilter 注释
我创建了自定义存储库 class 扩展
public interface PublishableEntityRepository<T, ID extends Serializable>
extends PagingAndSortingRepository<T, ID> {
@PostFilter("hasPermission(filterObject, 'read')")
Page<T> findAll(Pageable var1);
}
然后创建了自定义 PermissionEvaluator class
public class AccessPermissionEvaluator implements PermissionEvaluator {
@Override
public boolean hasPermission(Authentication authentication, Object o, Object o1) {
boolean hasPermission = false;
if (authentication != null) {
User user = (User) authentication.getPrincipal();
if (((PublishableEntity) o).getStatus().equals(AccessStatus.PUBLISHED)) {
hasPermission = true;
}
}
return hasPermission;
}
@Override
public boolean hasPermission(Authentication authentication, Serializable serializable, String s, Object o) {
return false;
}
}
但是,抛出 IllegalArgumentException:
RepositoryRestExceptionHandler - Filter target must be a collection or array type, but was Page 0 of 0 containing UNKNOWN instances
我知道有问题的 filterObject 是 Page class,那么我该如何过滤页面内容?
找到答案,它是使用 @Query 和带有安全扩展的 SpEL。
@NoRepositoryBean
public interface PublishableEntityRepository<T, ID extends Serializable>
extends PagingAndSortingRepository<T, ID> {
@PostFilter("hasPermission(filterObject, 'read')")
List<T> findAll();
@PostAuthorize("hasPermission(returnObject, 'read')")
T findOne(ID id);
// where entity.status is PUBLISHED or security SpEL with hasRole
@Query("select o from #{#entityName} o where o.status = 'PUBLISHED' " +
"or 1 = ?#{security.hasRole('ROLE_ADMIN') ? 1 : 0}")
Page<T> findAll(Pageable var1);
}
http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#data-query
我正在寻找如何对 PagingAndSortingRepository 接口实施 @PostFilter 注释
我创建了自定义存储库 class 扩展
public interface PublishableEntityRepository<T, ID extends Serializable>
extends PagingAndSortingRepository<T, ID> {
@PostFilter("hasPermission(filterObject, 'read')")
Page<T> findAll(Pageable var1);
}
然后创建了自定义 PermissionEvaluator class
public class AccessPermissionEvaluator implements PermissionEvaluator {
@Override
public boolean hasPermission(Authentication authentication, Object o, Object o1) {
boolean hasPermission = false;
if (authentication != null) {
User user = (User) authentication.getPrincipal();
if (((PublishableEntity) o).getStatus().equals(AccessStatus.PUBLISHED)) {
hasPermission = true;
}
}
return hasPermission;
}
@Override
public boolean hasPermission(Authentication authentication, Serializable serializable, String s, Object o) {
return false;
}
}
但是,抛出 IllegalArgumentException:
RepositoryRestExceptionHandler - Filter target must be a collection or array type, but was Page 0 of 0 containing UNKNOWN instances
我知道有问题的 filterObject 是 Page class,那么我该如何过滤页面内容?
找到答案,它是使用 @Query 和带有安全扩展的 SpEL。
@NoRepositoryBean
public interface PublishableEntityRepository<T, ID extends Serializable>
extends PagingAndSortingRepository<T, ID> {
@PostFilter("hasPermission(filterObject, 'read')")
List<T> findAll();
@PostAuthorize("hasPermission(returnObject, 'read')")
T findOne(ID id);
// where entity.status is PUBLISHED or security SpEL with hasRole
@Query("select o from #{#entityName} o where o.status = 'PUBLISHED' " +
"or 1 = ?#{security.hasRole('ROLE_ADMIN') ? 1 : 0}")
Page<T> findAll(Pageable var1);
}
http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#data-query