关于@EnableGlobalMethodSecurity(prePostEnabled=true)的解释:
开启基于方法的安全认证机制,也就是说在web层的controller启用注解机制的安全确认,
@ApiOperation(value = "获取用户列表", httpMethod = "GET")
@GetMapping
@PreAuthorize("hasAuthority('admin')")
//Authentication authentication,当前用户信息
public ResponseEntity<PageResult<UserVO>> list(Authentication authentication, UserDTO userDTO, @Min(1) @RequestParam(defaultValue = "1") Integer pageNo, @Max(100) @Min(5) @RequestParam(defaultValue = "10") Integer pageSize) {
System.out.println(authentication);
PageInfo<UserVO> listByPage = userService.getListByPage(userDTO, pageNo, pageSize);
PageResult<UserVO> result = new PageResult<>();
result.setTotal(listByPage.getTotal());
result.setData(listByPage.getList());
result.setTotalPage(listByPage.getPages());
result.setPageNO(pageNo);
result.setPageSize(pageSize);
return ResponseEntity.ok(result);
}
只有加了@EnableGlobalMethodSecurity(prePostEnabled=true) 那么在上面使用的 @PreAuthorize(“hasAuthority(‘admin’)”)才会生效
微信公众号