配置文件里添加文件访问路径不生效,请问有没有方式可以支持文件匿名访问呢?
jmix.rest.anonymous-url-patterns = \
/rest/files,\
/rest/files/*
匿名用户默认没有上传和下载的权限。所以有几步:
- API 接口支持匿名访问:
jmix.rest.anonymousUrlPatterns=/rest/files
- 添加一个可以上传下载文件的角色:
package com.abmcode.sales.security;
import io.jmix.security.role.annotation.ResourceRole;
import io.jmix.security.role.annotation.SpecificPolicy;
@ResourceRole(name = "RestFiles", code = RestFilesRole.CODE, scope = "API")
public interface RestFilesRole {
String CODE = "rest-files";
@SpecificPolicy(resources = {"rest.enabled", "rest.fileDownload.enabled", "rest.fileUpload.enabled"})
void specific();
}
- 修改
DatabaseUserRepository类,为匿名用户添加上面的角色:
@Override
protected void initAnonymousUser(User anonymousUser) {
Collection<GrantedAuthority> authorities = getGrantedAuthoritiesBuilder()
.addResourceRole(RestFilesRole.CODE)
.build();
anonymousUser.setAuthorities(authorities);
}
重启服务,应该就可以了。
1 个赞
成功了,感谢
@SpecificPolicy(resources = {“rest.enabled”, “rest.fileDownload.enabled”, “rest.fileUpload.enabled”})
请问一下这个是什么格式,如果我只是一个普通的接口,应该如何写 “ ” 里的内容
我现在遇到的问题是:
2023-03-09 15:05:09.171 DEBUG 16936 — [io-8080-exec-15] io.jmix.core.AccessLogger : Denied access to [entity ‘wangedi_EditorContent’ create, read, update, delete] for user [anonymous] by io.jmix.securitydata.constraint.CrudEntityConstraint
求大佬解答
你这个是匿名用户无法访问 EditorContent 这个实体。需要定义实体权限,参考 资源角色 :: Jmix 文档
比如说对于 Post 实体,我希望匿名用户能读该实体及其所有属性:
@EntityAttributePolicy(entityClass = Post.class, attributes = "*", action = EntityAttributePolicyAction.VIEW) // 实体的所有属性只读
@EntityPolicy(entityClass = Post.class, actions = EntityPolicyAction.READ) // 实体只读
void post();
好的,谢谢,我试一下