I've asked this question in my previous post here: SpEL for spring security: Passing Values from XML to Java based SpEL configuration. But it wasn't yet resolved. I want to inject values either from an xml configuration or from external file into @PreAuthorize(...)annotation. It is not easy like injecting by using @Valueannotation.

我在之前的帖子中问过这个问题：SpEL for spring security: Passing Values from XML to Java based SpEL configuration。但还没有解决。我想将值从 xml 配置或从外部文件注入到@PreAuthorize(...)注释中。不像使用@Value注解注入那么容易。

To recall the question, I provide the following information.

为了回忆这个问题，我提供以下信息。

1. I have the following xml configuration file (example.xml) that has properties and initialized its corresponding values.

   <beans>
       <bean id="userBean" class="x.y.User">
       <property name="name" value="A"/>
       <property name="userId" value="33"/>
   
       <bean id="customerBean" class="x.y.Customer">
           <property name="name" value="B"/>
           <property name="customerId" value="33"/>
       </bean>
   </beans>
   

2. I have the following external properties file (example.properties) inside /WEB-INF folder. This file is an alternative for the XML configuration file mentioned above.

   user.id = 33
   customer.id =33
   

3. I have property policy holder configuration in my applicationContext.xml file

   <context:property-placeholder location="/WEB-INF/*.properties" ignore-unresolvable="true" />
   
   <bean id="propertyConfig" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"
         p:location="/WEB-INF/example.properties" p:ignoreUnresolvablePlaceholders="true" />
   

4. I have two model classes: Userand Customer

   public class User {
       private int userId;
   
   public int getUserId() {
           return userId;
       }
   }
   
   public class Customer {
       private int customerId;
   
       public int getCustomerId(){
           return customerId;
       }
   }
   

5. I have another service/controller class which I want to restrict the 'edit'method by using @PreAuthorizeannotation.

   The restriction: The method is allowed (authorized to be executed) if and only if 'userId'and 'customerId'are evaluated equal!.

   To achieve the restriction, I want to consider two ways

   1. by injecting 'userId'and 'customerId'values from the xml file(example.xml) into expression 1 below. The expressions I used in this are suggested by Rob Winch (Thank you Rob!). However, Spring couldn't evaluate the expression.

   2. by injecting 'userId'and 'customerId'values from the external properties file(example.properties) into expression 2 below. Similarly, spring couldn't evaluate this expression as well.

      @Service("..") or @Controller
      public class MyMainClass {
      
          //Expression 1
          @PreAuthorize("@userBean.userId == @customerBean.customerId")
              public Boolean edit(User user, Customer custmer)  {
          return true;
          }
      
          //Expression 2
          ////I've tried other ways as well, but end up with similar exceptions
          @PreAuthorize("${user.id} == ${customer.id}")
          public Boolean edit(User user, Customer customer)  {
              return true;
          }
      }
      

1. 我有以下 xml 配置文件 (example.xml)，它具有属性并初始化了其相应的值。

   <beans>
       <bean id="userBean" class="x.y.User">
       <property name="name" value="A"/>
       <property name="userId" value="33"/>
   
       <bean id="customerBean" class="x.y.Customer">
           <property name="name" value="B"/>
           <property name="customerId" value="33"/>
       </bean>
   </beans>
   

2. 我在 /WEB-INF 文件夹中有以下外部属性文件（example.properties）。该文件是上述 XML 配置文件的替代文件。

   user.id = 33
   customer.id =33
   

3. 我的 applicationContext.xml 文件中有属性策略持有者配置

   <context:property-placeholder location="/WEB-INF/*.properties" ignore-unresolvable="true" />
   
   <bean id="propertyConfig" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"
         p:location="/WEB-INF/example.properties" p:ignoreUnresolvablePlaceholders="true" />
   

4. 我有两个模型类：User和Customer

   public class User {
       private int userId;
   
   public int getUserId() {
           return userId;
       }
   }
   
   public class Customer {
       private int customerId;
   
       public int getCustomerId(){
           return customerId;
       }
   }
   

5. 我有另一个服务/控制器类，我想'edit'通过使用@PreAuthorize注释来限制该方法。

   The restriction: 该方法被允许（授权执行）当且仅当'userId'和'customerId'被评估为相等！。

   为了实现限制，我想考虑两种方法

   1. 通过将xml 文件（example.xml）中的'userId'和'customerId'值注入下面的表达式 1。我在这里使用的表达方式是 Rob Winch 建议的（谢谢 Rob！）。但是，Spring 无法计算表达式。

   2. 通过注入'userId'和'customerId'从外部属性文件（example.properties）值到下面的表达式2。同样，spring 也无法评估这个表达式。

      @Service("..") or @Controller
      public class MyMainClass {
      
          //Expression 1
          @PreAuthorize("@userBean.userId == @customerBean.customerId")
              public Boolean edit(User user, Customer custmer)  {
          return true;
          }
      
          //Expression 2
          ////I've tried other ways as well, but end up with similar exceptions
          @PreAuthorize("${user.id} == ${customer.id}")
          public Boolean edit(User user, Customer customer)  {
              return true;
          }
      }
      

My questions:

我的问题：

Q1. What are the right expressions that I must put inside the @PreAuthorizeannotation to inject values from the xml file (example.xml) or from property file (example.properties) into the @PreAuthorize(...)expression, then it can be easily evaluated?

一季度。我必须在@PreAuthorize注释中放入哪些正确的表达式才能将 xml 文件 (example.xml) 或属性文件 (example.properties) 中的值注入@PreAuthorize(...)表达式中，然后才能轻松对其进行评估？

Q2. Point me if I did mistakes other than the expressions.

Q2。如果我在表达以外的地方犯了错误，请指出。

Q3. Its like a $1,000,000.00 question for me as I am fed up as hell to solve this issue!!!. So please help me out as much as you can!.

Q3。这对我来说就像一个 1,000,000.00 美元的问题，因为我已经厌倦了解决这个问题！！！。所以请尽可能多地帮助我！