在我的 spring 项目中,我最近在我的 jsp 页面中添加了这个标签:
<sec:authorize access="hasPermission(#user, 'altera_usuario')">
col.append('<button type="button" class="btn btn-sm btn-primary link" data-action="${alteracao}/'+item.id+'">Editar</button>');
</sec:authorize>
<sec:authorize access="hasPermission(#user, 'remove_usuario')">
col.append('<button type="button" class="btn btn-sm btn-primary link" data-action="${remocao}/'+item.id+'">Remover</button>');
</sec:authorize>
允许我控制向用户显示的内容。但是 eclipse 显示与此标签相关的错误(它们标有红色下划线),这不会阻止构建项目。当我运行项目并打开页面时,尽管用户有权限,但标签内的元素没有显示。
有人知道这里出了什么问题吗?
ps.: 本页完整代码:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ include file="../../include/include.jsp" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Lista de usuários</title>
</head>
<body>
<c:url value="/usuario/cadastra" var="cadastro"/>
<c:url value="/usuario/altera" var="alteracao"/>
<c:url value="/usuario/remove" var="remocao"/>
<c:url value="/permissao/altera" var="permissao"/>
<p>
<sec:authorize access="hasPermission(#user, 'cadastra_usuario')">
<button type="button" class="btn btn-sm btn-link link" data-action="${cadastro}">
cadastrar novo usuário
</button>
</sec:authorize>
</p>
<table class="bordered">
<thead>
<tr>
<th>#</th>
<th>Login</th>
<th>Nome</th>
<th>Sobrenome</th>
<th>E-Mail</th>
<th>#</th>
</tr>
</thead>
<tbody class="content">
</tbody>
</table>
<c:url value="/usuario/listagem.json" var="lista"/>
<script>
$(document).ready(function(){
var url = "<c:out value="${lista}"/>";
$.get(url, function(data){
var json = jQuery.parseJSON( data );
$.each(json.usuario, function(index, item){
var row = $('<tr id=user'+item.id+'>');
row.append('<td>'+item.id+'</td>');
row.append('<td>'+item.login+'</td>');
row.append('<td>'+item.pnome+'</td>');
row.append('<td>'+item.unome+'</td>');
row.append('<td>'+item.email+'</td>');
var col = $('<td>');
<sec:authorize access="hasPermission(#user, 'altera_usuario')">
col.append('<button type="button" class="btn btn-sm btn-primary link" data-action="${alteracao}/'+item.id+'">Editar</button>');
</sec:authorize>
<sec:authorize access="hasPermission(#user, 'remove_usuario')">
col.append('<button type="button" class="btn btn-sm btn-primary link" data-action="${remocao}/'+item.id+'">Remover</button>');
</sec:authorize>
col.append('<button type="button" class="btn btn-sm btn-primary link" data-action="${permissao}/'+item.id+'">Permissões</button>');
row.append(col);
$('tbody.content').append(row);
});
});
});
</script>
</body>
</html>
最佳答案
使用 <sec:authorize access="hasPermission(...)"> 时未调用您的 PermissionEvaluator 实现根据报错信息(DenyAllPermissionEvaluator是Spring Security的默认实现)。
在您的 Spring Security 配置中尝试以下设置:
<http use-expressions="true" ...>
<expression-handler ref="webExpressionHandler"/>
...
</http>
<beans:bean id="webExpressionHandler"
class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler">
<beans:property name="permissionEvaluator" ref="permissionEvaluator" />
</beans:bean>
<beans:bean id="permissionEvaluator" class="your.PermissionEvaluator" />
希望这对您有所帮助。
关于java - 使用标签 <sec :authorize> in the jsp pages displaying an error in eclipse,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/24035760/