我試圖使用Spring Security 3.1春季安全註解@Preauthoritze不工作
但是當我ROLE_USER權威
它不會做任何事情(註解@PreAuthorize( 「hasRole( 'ROLE_ADMIN')」 ))
我期運用春天3.1M和springsecurity 3.1
我需要做什麼嗎?
下面是我的springsecurity configulation代碼
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:s="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<s:global-method-security pre-post-annotations="enabled">
<!-- <s:expression-handler ref="expressionHandler"/> -->
</s:global-method-security>
<s:http pattern="/css/**" security="none" />
<s:http pattern="/js/**" security="none" />
<s:http pattern="/favicon.ico" security="none" />
<s:http pattern="/index.jsp" security="none" />
<s:http auto-config="true" use-expressions="true" access-denied-page="/denied.jsp">
<s:intercept-url pattern="/web/index" access="permitAll" />
<s:intercept-url pattern="/web/**" access="isAuthenticated()"/>
<s:intercept-url pattern="/web/study/*" access="hasRole('ROLE_USER')"/>
<s:form-login />
<s:logout />
<s:session-management>
<s:concurrency-control
error-if-maximum-exceeded="true" max-sessions="1" expired-url="/expired.jsp" />
</s:session-management>
</s:http>
<!-- Declare an authentication-manager to use a custom userDetailsService -->
<s:authentication-manager>
<s:authentication-provider user-service-ref="userDetailsService">
<s:password-encoder ref="passwordEncoder" />
</s:authentication-provider>
</s:authentication-manager>
<!-- Use a Md5 encoder since the user's passwords are stored as Md5 in the
database -->
<bean
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"
id="passwordEncoder" />
<s:authentication-manager alias="authenticationManager">
<!-- If you want to use a database, then you can use -->
<s:authentication-provider user-service-ref="userDetailsService">
<s:password-encoder ref="passwordEncoder" />
</s:authentication-provider>
</s:authentication-manager>
</beans>
和contoroller代碼
package com.app.web.study.language.action;
import java.util.*;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import com.app.web.common.BaseController;
import com.app.web.study.language.service.impl.StudyServiceImpl;
@Controller
public class StudyController extends BaseController {
protected static Logger logger = LoggerFactory.getLogger("StudyController");
@Resource(name="studyServiceImpl")
private StudyServiceImpl studyServiceImpl;
@PreAuthorize("hasRole('ROLE_ADMIN')")
@RequestMapping(value = "/study/list", method = RequestMethod.GET)
public String study(Locale locale
, Model model
, HttpServletRequest req) {
logger.info("study", locale);
HashMap<String, Object> parameters = new HashMap<String, Object>();
List list = studyServiceImpl.getList(parameters);
model.addAttribute("ctx", getCrreuntUrl());
model.addAttribute("list", list);
//model.addAttribute("activeUsers", getlistActiveUsers());
return "base.study";
}
}
你怎麼說它什麼都不做? – 2013-02-18 03:21:46
當我的用戶權限登錄訪問URL(http:// localhost:8080 /網絡/研究/列表)... springsecurity無法檢查@preauthority註釋,,, – user1767190 2013-02-18 06:46:55
最有可能的是,你有[這個問題]( http://stackoverflow.com/questions/2524962/spring-security-not-processing-pre-post-annotations?rq=1) – 2013-02-18 19:18:41