问题描述

在我工作的项目中，我们根据角色 ID 而不是角色描述进行身份验证，并且此映射存储在数据库中.

In the project I am working we authenticate based on role ids rather than role description and this mapping is stored in the database.

我的问题是，如何去除 Spring Security 的 RoleVoter 前缀来实现上述设计?

My question is, How do I remove Spring Security's RoleVoter prefix to implement the design as above?

推荐答案

Spring security RoleVoter 需要一个前缀来区分作为角色的授予权限，请参阅此 答案 了解更多详情.

Spring security RoleVoterneeds a prefix in order to distinguish the granted authorities that are roles, see this answer for further details.

如果你想改变这个，你总是可以提供你自己的自定义 AccessDecisionManager 并使用自定义的RoleVoter`配置它.

If you want to change this, you can always provide your own custom AccessDecisionManager and configure it with a customRoleVoter`.

这是此类自定义访问决策管理器的示例:

This is an example of such a custom access decision manager:

public class MyAccessDecisionManager  extends AffirmativeBased {


    public MyAccessDecisionManager() {
        super();
        List<AccessDecisionVoter> decisionVoters = new ArrayList<AccessDecisionVoter>();
        RoleVoter roleVoter = new MyCustomRoleVoter();
        decisionVoters.add(roleVoter);
        AuthenticatedVoter authenticatedVoter = new AuthenticatedVoter();
        decisionVoters.add(authenticatedVoter);
        setDecisionVoters(decisionVoters);

    }

并使用它代替默认的访问决策管理器:

And for using it in place of the default access decision manager:

<bean id="myAccessDecisionManager" class="full.package.name.MyAccessDecisionManager" />

<security:http access-decision-manager-ref="myAccessDecisionManager">
    ...
</security:http>

这篇关于Spring Security 删除 RoleVoter 前缀的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！