@PostFilter 不适用于 Spring @Aspect
@PostFilter does not work with Spring @Aspect
我正在尝试做这样的事情:
@Component
@Aspect
class CustomAspect {
@Pointcut("within(@com.example.security.Check *)")
public void classAnnotatedWithCheck() {}
@Pointcut("execution(public * *(..))")
public void publicMethod() {}
@Pointcut("publicMethod() && classAnnotatedWithCheck()")
public void publicMethodInsideAClassMarkedWithCheck() {}
@Around(value = "publicMethodInsideAClassMarkedWithCheck()")
public Object execute(ProceedingJoinPoint point) throws Throwable {
return executeWithFilter(point);
}
@PostFilter(value = "hasPermission(filterObject, 'READ')")
private Object executeWithFilter(ProceedingJoinPoint point) throws Throwable {
return point.proceed();
}
}
Aspects 运行良好,但最后一种方法 executeWithFilter 没有过滤。同时,如果我将 @PostFilter(value = "hasPermission(filterObject, 'READ')") 添加到常规服务方法,过滤就会起作用。甚至可以在方面使用 @PostFilter 吗?
Spring Method Security 基于 AOP。
此外,来自 Spring AOP 参考文档:Declaring an Aspect
In Spring AOP, aspects themselves cannot be the targets of advice from
other aspects. The @Aspect annotation on a class marks it as an aspect
and, hence, excludes it from auto-proxying.
安全建议应应用于提供 @PostFilter 方法安全性的 bean,这在某个方面是不可能的。简而言之,Spring 安全性在某个方面不起作用。
我正在尝试做这样的事情:
@Component
@Aspect
class CustomAspect {
@Pointcut("within(@com.example.security.Check *)")
public void classAnnotatedWithCheck() {}
@Pointcut("execution(public * *(..))")
public void publicMethod() {}
@Pointcut("publicMethod() && classAnnotatedWithCheck()")
public void publicMethodInsideAClassMarkedWithCheck() {}
@Around(value = "publicMethodInsideAClassMarkedWithCheck()")
public Object execute(ProceedingJoinPoint point) throws Throwable {
return executeWithFilter(point);
}
@PostFilter(value = "hasPermission(filterObject, 'READ')")
private Object executeWithFilter(ProceedingJoinPoint point) throws Throwable {
return point.proceed();
}
}
Aspects 运行良好,但最后一种方法 executeWithFilter 没有过滤。同时,如果我将 @PostFilter(value = "hasPermission(filterObject, 'READ')") 添加到常规服务方法,过滤就会起作用。甚至可以在方面使用 @PostFilter 吗?
Spring Method Security 基于 AOP。
此外,来自 Spring AOP 参考文档:Declaring an Aspect
In Spring AOP, aspects themselves cannot be the targets of advice from other aspects. The @Aspect annotation on a class marks it as an aspect and, hence, excludes it from auto-proxying.
安全建议应应用于提供 @PostFilter 方法安全性的 bean,这在某个方面是不可能的。简而言之,Spring 安全性在某个方面不起作用。