3

I'm calling the following method from the web layer throw a logged in user that has the attached permission:

@PreAuthorize("hasRole('list_users_permission')")
public List<UserDto> getAllUsers() {
    ........
}

But now I want to call it through a scheduler job, which means that I haven't a logged in user.

Is there a way to bypass this annotation @PreAuthorize("hasRole('list_users_permission')") or to create a virtual user with all the needed permissions ?

4

1 回答 1

4

First, make getAllUsers() delegate to a non-secured method:

@PreAuthorize("hasRole('list_users_permission')")
public List<UserDto> getAllUsers() {
    return doGetAllUsers();
}

public List<UserDto> doGetAllUsers() {
    ...
}

Then make the scheduled code invoke doGetAllUsers().

于 2013-10-07T22:12:02.163 回答