问题描述
我有一个带有Spring Security的JSP.我有一个简单的标签,用于确定用户是否具有这样的ADMIN角色:
I have a JSP with Spring Security. I have a simple tag that determines if the user has an ADMIN role like this:
<sec:authorize access="hasRole('ADMIN')">
,效果很好.我现在正尝试在整个站点中使用许多角色来实现,因此我有一个UserAccess类,其中静态字符串作为我所有角色的常量.所以我尝试这个:
and works fine. I am now trying to implement across the site with many roles, so I have a UserAccess class with static Strings as constants for all my roles. so I try this:
<sec:authorize access="hasRole(UserAccess.ADMIN)">
但这是抛出:
Field or property 'UserAccess' cannot be found on object of type
'org.springframework.security.web.access.expression.WebSecurityExpressionRoot'
该类在类路径中,我可以使用<% .. %>等访问它.
处理此问题的最佳方法是什么?
The class is in the classpath, I can access it with <% .. %> etc...
What is the best way to handle this?
推荐答案
要引用hasRole中的实例,您需要使用特殊的T运算符并使用该类的完全限定名称.
To reference an instance inside hasRole you need to use the special T operator and use fully qualified name of the class.
<sec:authorize access="hasRole(T(package.UserAccess).ADMIN)">
这篇关于如何在Spring Security hasRole中使用常量的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!