Spring Security Application Development (18) method-based authorization (ii) filtering

This article describes the two annotations @PreFilter and @PostFilter .

@PreFilter

@PreFilter is used to filter the parameters of the method. In this case, the parameter is usually a collection type, and the qualifying value is persisted in the collection, and is removed from the collection that does not meet the criteria. If you have more than one parameter for the collection type, you need to use A property of the @PreFilter filtertarget to specify the name of the parameter you want to come over.

@PostFilter.

@PostFilter is used to filter the results of a method. In this case, the return value is typically a collection type, and the qualifying value is persisted in the collection, and is not eligible to be removed from the collection.

the definition of @PreFilter annotation is as follows:

@Target ({elementtype.method, elementtype.type}) @Retention (retentionpolicy.runtime) @Inherited @documented   public @Interface  prefilter { public String value ();  Public default "";}

As you can see from the above definition, these annotations can be used on a type, in addition to being used on a method.

This article gives an example:

(1) writes the definition of the element type in the collection.

/*** @ClassName: userbean* @Description:*@author http://www.cnblogs.com/coe2coe/* @date May 30, 2017 pm 9:12:46**/ Public classUserBean { PublicUserBean (String name,intsalary) {Super(); This. Name =name; This. Salary =salary;}PrivateString name;Private intsalary;
 PublicString GetName () {returnname;} Public voidsetName (String name) { This. Name =name;} Public intgetsalary () {returnsalary;} Public voidSetsalary (intsalary) { This. Salary =salary;} @Override PublicString toString () {return"UserBean [name=" + name + ", salary=" + salary + "]";}}

(2) define the classes and methods that you want to authorize.

define the class and method, and define @PreFilter and @PostFilter Annotations on the method . The goal is to filter the parameter salarylist, keep only the salary>1000 elements, and then filter the return value, preserving only the name the length of the property is greater than 3 the element.

 Public classUserService {@PreFilter (filtertarget= "Salarylist", value= "Filterobject > 1000") @PostFilter ("FilterObject.name.length () >3") PublicList<userbean> getusers (list<string> namelist,list<integer>salarylist) {List<UserBean> users =NewArraylist<userbean>(); for(intI=0;i<namelist.size () &&i<salarylist.size (); i++) {Users.add (NewUserBean (Namelist.get (i), salarylist.get (i)));returnusers;}}

(3) defines the Controller method that invokes the method.

@RequestMapping ("/") PublicModelandview Index () {Modelandview mv=NewModelandview (); Mv.addobject ("Message", "hello,welcome!"); Mv.setviewname ("Home/index"); //A collection of 4 elements is prepared. list<string> NameList =NewArraylist<string>(); List<Integer> salarylist =NewArraylist<integer>(); Namelist.add ("Zhangsan"); Namelist.add ("Lisi"); Namelist.add ("Wangwu"); Namelist.add ("Li"); Salarylist.add (10); Salarylist.add (1001); Salarylist.add (2000); Salarylist.add (3000); List<UserBean> users = This. Userservice.getusers (namelist,salarylist);//for testing purposes, just output to the console. System.out.println (users);returnMV;}

(4) Operation Result:

The result of the last return value is a collection of 3 elements.

The console output is as follows:

[UserBean [Name=zhangsan, salary=1001], UserBean [Name=lisi, salary=2000], UserBean [Name=wangwu, salary=3000]]

in order to test@PreFilterof the annotationsFiltertargetproperty, the method being tested uses two parameters. BecauseFiltertargetproperty can only specify one parameter, and only one can be defined on the same method@PreFilterannotations, sogetusers ()method to actually see the parameters in theNameListhave a4elements,salarylisthave a3elements, causing the dislocation. When actually applied, you can use theNameListand thesalarylistMerge into a single set so that you can fully play@PreFilterthe effect.

For reusable annotations, refer to the reuse of annotations in the blog Java Important technology (*) annotations.

Spring Security Application Development (18) method-based authorization (ii) filtering