当 @PreAuthorize 或 @PostAuthorize 在方法级别使用时，Class.getAnnotations() 不会返回类级别注释的完整列表

Question

假设我有一个带有注释的下面的类 -

@Component
@Path("/somepath/")
@Api(value = "/somepath", description = "Operations")
public class SomeResourceClass {

    @POST
    @Consumes(MediaType.APPLICATION_JSON)
    @Produces(MediaType.APPLICATION_JSON)
    @ApiOperation(value = "Create new Resource", 
        response = SomeResource.class)
    @ApiResponses(value = { @ApiResponse(code = 401, message = "Some Message") })
    public SomeResource createResource(@ApiParam(value="someResource", required = true)SomeResource resource) {
    }
}

我正在尝试使用下面的代码访问上面类级别使用的注释列表

List<ClassResourceInfo> classResourceInfos = serverFactoryBean.getServiceFactory().getClassResourceInfo();
for (ClassResourceInfo classResourceInfo : classResourceInfos) {
    for (Annotation annotation : classResourceInfo.getResourceClass().getAnnotations()) {
 // work with each annotation
}
}

我从 classResourceInfo.getResourceClass().getAnnotations() 获得以下列表 -

[@org.springframework.stereotype.Component(value=), 
 @javax.ws.rs.Path(value=/somepath/), 
 @io.swagger.annotations.Api(basePath=, hidden=false, authorizations=[@io.swagger.annotations.Authorization(scopes=[@io.swagger.annotations.AuthorizationScope(scope=, description=)], value=)], produces=, description=Operations, position=0, protocols=, value=/somepath, tags=[], consumes=)]

所以在这里我得到了在类级别定义的完整注释列表。

但现在如果我使用 @PreAuthorize on 方法，我会得到不完整的列表。

@Component
@Path("/somepath/")
@Api(value = "/somepath", description = "Operations")
public class SomeResourceClass {

    @POST
    @Consumes(MediaType.APPLICATION_JSON)
    @Produces(MediaType.APPLICATION_JSON)
    @ApiOperation(value = "Create new Resource", 
        response = SomeResource.class)
    @ApiResponses(value = { @ApiResponse(code = 401, message = "Some Message") })
    @PreAuthorize("hasRole('ADMIN')")
    public SomeResource createResource(@ApiParam(value="someResource", required = true)SomeResource resource) {
    }
}

我在这个场景中得到的类级别上定义的注释列表是 -

[@io.swagger.annotations.Api(basePath=, hidden=false, authorizations=[@io.swagger.annotations.Authorization(scopes=[@io.swagger.annotations.AuthorizationScope(scope=, description=)], value=)], produces=, description=Operations, position=0, protocols=, value=/somepath, tags=[], consumes=)]

我已经在 web-context xml 文件中定义了 SomeResourceClass

<jaxrs:server id="service-rest" address="/">
        <jaxrs:serviceBeans>
            <ref bean="someResourceClass"/>
        </jaxrs:serviceBeans>
</jaxrs:server>

当我在其中一种方法上使用 @PreAuthorize 批注时，您能帮我指出为什么我得到的类级别批注列表不完整吗？

Answer 1

看起来这是因为 Spring 为您的控制器创建了代理，因为您使用了 @PreAuthorize 注释。请参考this 文章。

您仍然可以访问目标类注释：

public class MetricSuppliersLoader implements ApplicationContextAware {

@Override
public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
    Map<String, Object> beans = applicationContext.getBeansWithAnnotation(SomeAnnotationClass.class);
    beans.entrySet().forEach(e -> System.out.println("Bean name: "+e.getKey()));

}
}