Announcement Announcement Module
Collapse
No announcement yet.
@Postfilter not working Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • @Postfilter not working

    The @Postfilter is not being triggered.

    There are two methods in my controller. The listJson method makes a call to list1 method to get all projects and returns them in json format. I have a @Postfilter on list1 method to filter projects and the filter is not being triggered.

    The issue is not with configuration. Since for testing purposes, I tried placing the @Postfilter on listJson method and it does trigger. Can you kindly assist me in the matter? I would be very grateful.

    @RequestMapping(produces = "application/json")
    @ResponseBody
    public String listJson(HttpServletRequest request, HttpServletResponse response) {

    List<Project> items = list1(request, response, Project.class);
    return JsonHelper.toJsonArray(items, request.getContextPath());
    }

    @PostFilter("hasPermission(filterObject, 'read')")
    private List<Project> list1(HttpServletRequest request, HttpServletResponse response, Class<Project> clazz) {
    Integer[] ia = WebHelper.getDojoGridPaginationInfo(request);
    Integer firstResult = ia[0];
    Integer lastResult = ia[1];

    Entry<String, String> orderBy = WebHelper.getDojoJsonRestStoreOrderBy(request.getP arameterNames());
    Where where = WebHelper.FromJsonToFilterClass(request.getParamet er("filter"));
    List<Project> items = JpaHelper.findEntries(firstResult, lastResult - firstResult + 1, orderBy, where, clazz);
    Integer totalCount = JpaHelper.countEntries(where, clazz).intValue();

    WebHelper.setDojoGridPaginationInfo(firstResult, lastResult, totalCount, response);

    return items;
    }

    webmvc-config.xml

    <security:global-method-security pre-post-annotations="enabled" proxy-target-class="true">
    <security:expression-handler ref="expressionHandler"/>
    </security:global-method-security>

    <bean id="myPermissionEvaluator" class="org.springframework.security.acls.AclPermis sionEvaluator">
    <constructor-arg ref="aclService" />
    </bean>

    <bean id="expressionHandler" class="org.springframework.security.access.express ion.method.DefaultMethodSecurityExpressionHandler" >
    <property name="permissionEvaluator" ref="myPermissionEvaluator"/>
    </bean>

  • #2
    1. Please use [code ]/code ] tags when posting code, that way the code/xml/stacktraces remain readable
    2. Use the forum search as this kind of question has been answered numerous times before

    I suggest a read of the AOP chapter of the Spring Reference Guide. In short spring uses proxy based AOP and as such only public methods can be proxied and only external method calls will have AOP applied. Internal calls (like yours) will never be intercepted.

    Comment

    Working...
    X