+-
  1. 首页
  2. Spring
  3. 正文
Spring 3.2:根据Spring Security角色过滤Jackson JSON输出
有没有什么好的方法可以根据 Spring Security角色过滤 JSON输出?我正在寻找像@JsonIgnore这样的东西,但是对于角色,比如@HasRole(“ROLE_ADMIN”).我该如何实现呢?
最佳答案
对于那些从谷歌登陆的人来说,这是一个与Spring Boot 1.4类似的解决方案.

为每个角色定义界面,例如

public class View {
    public interface Anonymous {}

    public interface Guest extends Anonymous {}

    public interface Organizer extends Guest {}

    public interface BusinessAdmin extends Organizer {}

    public interface TechnicalAdmin extends BusinessAdmin {}
}

在您的实体中声明@JsonView,例如

@Entity
public class SomeEntity {
    @JsonView(View.Anonymous.class)
    String anonymousField;

    @JsonView(View.BusinessAdmin.class)
    String adminField;
}

并定义一个@ControllerAdvice以根据角色选择正确的JsonView:

@ControllerAdvice
public class JsonViewConfiguration extends AbstractMappingJacksonResponseBodyAdvice {

    @Override
    public boolean supports(MethodParameter returnType, Class<? extends HttpMessageConverter<?>> converterType) {
        return super.supports(returnType, converterType);
    }

    @Override
    protected void beforeBodyWriteInternal(MappingJacksonValue bodyContainer, MediaType contentType,
                                           MethodParameter returnType, ServerHttpRequest request, ServerHttpResponse response) {

        Class<?> viewClass = View.Anonymous.class;

        if (SecurityContextHolder.getContext().getAuthentication() != null && SecurityContextHolder.getContext().getAuthentication().getAuthorities() != null) {
            Collection<? extends GrantedAuthority> authorities = SecurityContextHolder.getContext().getAuthentication().getAuthorities();

            if (authorities.stream().anyMatch(o -> o.getAuthority().equals(Role.GUEST.getValue()))) {
                viewClass = View.Guest.class;
            }
            if (authorities.stream().anyMatch(o -> o.getAuthority().equals(Role.ORGANIZER.getValue()))) {
                viewClass = View.Organizer.class;
            }
            if (authorities.stream().anyMatch(o -> o.getAuthority().equals(Role.BUSINESS_ADMIN.getValue()))) {
                viewClass = View.BusinessAdmin.class;
            }
            if (authorities.stream().anyMatch(o -> o.getAuthority().equals(Role.TECHNICAL_ADMIN.getValue()))) {
                viewClass = View.TechnicalAdmin.class;
            }
        }
        bodyContainer.setSerializationView(viewClass);
    }
}
点击查看更多相关文章

转载注明原文:Spring 3.2:根据Spring Security角色过滤Jackson JSON输出 - 乐贴网

Spring BootSpring CloudDockerSpringnode.jsangularreact-nativeavalondjangovue.jshadoop.net

热门推荐

相关推荐