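Spring Security: annotation security does not work

I have a problem. I use Spring Security for my application, and when I annotate a method with @Secured("ROLE_ADMIN"), it does not work.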
@Secured("ROLE_ADMIN")
@RequestMapping(value = "/greeting", produces = "application/json")
public @ResponseBody List<UserEntity> greeting() {
    return userService.getAllCurrentUsers();
}
This is in security-config.xml:
<global-method-security secured-annotations="enabled" pre-post-annotations="enabled"/>
<http pattern="/resources/**" security="none"/>
<http pattern="/loginSecurity" security="none"/>
<http pattern="/favicon.ico" security="none" />
<http use-expressions="true">
    <intercept-url pattern="/**" access="hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')"/>
    <form-login login-page="/loginSecurity" default-target-url="/workspace"/>
</http>
<authentication-manager>
    <authentication-provider>
        <password-encoder hash="bcrypt" />
        <jdbc-user-service data-source-ref="dataSource"
            authorities-by-username-query="SELECT userentity.username , roleentity.role_name from userentity
                JOIN userentity_roleentity ON userentity.userid = userentity_roleentity.userlist_userid
                JOIN roleentity ON userentity_roleentity.rolelist_role_name = roleentity.role_name
                WHERE userentity.username = ?"
            users-by-username-query="SELECT username,pwd,enable FROM userentity where username = ?"/>
    </authentication-provider>
</authentication-manager>
Authentication works. The roles in the database are correct. This code also works:
<sec:authorize access="hasRole('ROLE_ADMIN')">
    <button onclick="loadHeadRef('workspace','settings')">
    <img src='<spring:url value="/resources/image/settings.png"/>' alt="">Settings</button>
</sec:authorize>
Possible duplicate of [@Secured does not work in controller, but intercept-url seems to be working fine](http://stackoverflow.com/questions/6651119/secured-does-not-work-in-controller-but-intercept-url-seems-to-be-working-fine) – 2015-03-02 13:54:19