我已经添加了4个自定义验证器,以便在我的控制器中进行一些检查。其中3个在工作,但是 ValidObjectIdentity 一个不行。
这是我的constraint-mapping.xml
<constraint-mappings xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://jboss.org/xml/ns/javax/validation/mapping validation-mapping-1.1.xsd"
xmlns="http://jboss.org/xml/ns/javax/validation/mapping" version="1.1">
<bean class="org.springframework.security.acls.domain.AccessControlEntryImpl" ignore-annotations="true">
<field name="sid">
<constraint annotation="javax.validation.constraints.NotNull"/>
<constraint annotation="package.validation.SidExists"/>
<constraint annotation="package.validation.NonMatchingSid"/>
</field>
<field name="acl">
<constraint annotation="javax.validation.constraints.NotNull"/>
</field>
</bean>
<bean class="org.springframework.security.acls.domain.AclImpl">
<field name="objectIdentity">
<constraint annotation="javax.validation.constraints.NotNull"/>
<constraint annotation="package.validation.ValidObjectIdentity"/>
</field>
</bean>
<bean class="package.AccessControlEntryController">
<method name="create">
<parameter type="org.springframework.security.acls.model.AccessControlEntry">
<constraint annotation="package.validation.ValidEntry"/>
</parameter>
</method>
</bean>
</constraint-mappings>@RestController
@RequestMapping(value = "/acl")
@Validated
public class AccessControlEntryController {
@ResponseBody
@RequestMapping(value = "/entry", method = RequestMethod.POST)
@ResponseStatus(HttpStatus.CREATED)
public AccessControlEntry create(@Valid @RequestBody AccessControlEntry entry){
return aclService.createAccessControlEntry(entry);
}
}为了便于参考,我将把 AccessControlEntryImpl 以及 AclImpl ```
public class AccessControlEntryImpl implements AccessControlEntry, AuditableAccessControlEntry {
private final Acl acl;
private Permission permission;
private final Serializable id;
private final Sid sid;
private boolean auditFailure = false;
private boolean auditSuccess = false;
private final boolean granting;}
public class AclImpl implements Acl, MutableAcl, AuditableAcl, OwnershipAcl {
private Acl parentAcl;
private transient AclAuthorizationStrategy aclAuthorizationStrategy;
private transient PermissionGrantingStrategy permissionGrantingStrategy;
private final List aces = new ArrayList<>();
private ObjectIdentity objectIdentity;
private Serializable id;
private Sid owner; // OwnershipAcl
private List loadedSids = null;
}
我可以看到正在工作的验证器与accesscontrolentry直接相关,但是 `ObjectIdentity` 与班级有关 `Acl` . 尽管 `AccessControlEntry` 有 `Acl` 类本身不会进入验证程序。有没有办法验证 `ObjectIdentity` 像其他人一样?
这是一个验证器,如果你想看的话@Target(value = ElementType.FIELD)
@Retention(value = RetentionPolicy.RUNTIME)
@Constraint(validatedBy = ValidObjectIdentityValidator.class)
public @interface ValidObjectIdentity {
String message() default "{package.ValidObjectIdentity.message}";
Class<?>[] groups() default {};
Class<? extends Payload>[] payload() default {};}
public class ValidObjectIdentityValidator implements ConstraintValidator<ValidObjectIdentity, ObjectIdentity> {
@Override
public boolean isValid(ObjectIdentity identity, ConstraintValidatorContext context) {
// Logic
}}
1条答案
按热度按时间hts6caw31#
我知道你希望
ValidObjectIdentity验证时触发AccessControlEntryImpl?默认情况下不会进行级联验证。你需要一个
@Valid上的注解AccessControlEntryImpl.acl或者<valid/>对应xmlMap的节点: