2015-03-02 142 views
1

我有一些問題。我爲我的應用程序使用spring安全性,並且當我標記方法註釋@Secured(「ROLE_ADMIN」)時,它不起作用。春季安全。註釋安全不起作用

@Secured("ROLE_ADMIN") 
@RequestMapping(value = "/greeting",produces = "application/json") 
public @ResponseBody List<UserEntity> greeting() { 
    return userService.getAllCurrentUsers(); 
} 

此安全-config.xml中

<global-method-security secured-annotations="enabled" pre-post-annotations="enabled"/> 

<http pattern="/resources/**" security="none"/> 
<http pattern="/loginSecurity" security="none"/> 
<http pattern="/favicon.ico" security="none" /> 
<http use-expressions="true"> 
    <intercept-url pattern="/**" access="hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')"/> 
    <form-login login-page="/loginSecurity" default-target-url="/workspace"/> 
</http> 

<authentication-manager> 
    <authentication-provider> 
     <password-encoder hash="bcrypt" /> 
     <jdbc-user-service data-source-ref="dataSource" 
          authorities-by-username-query="SELECT userentity.username , roleentity.role_name from userentity 
                JOIN userentity_roleentity ON userentity.userid = userentity_roleentity.userlist_userid 
                JOIN roleentity ON userentity_roleentity.rolelist_role_name = roleentity.role_name 
                WHERE userentity.username = ?" 
          users-by-username-query="SELECT username,pwd,enable FROM userentity where username = ?"/> 
    </authentication-provider> 
</authentication-manager> 

認證工作。數據庫中的角色是正確的。 此代碼也適用。

sec:authorize access="hasRole('ROLE_ADMIN')"> 
<button onclick="loadHeadRef('workspace','settings')"> 
    <img src='<spring:url value="/resources/image/settings.png"/>' alt="">Settings</button> 
</sec:authorize> 
+1

可能重複的控制器不工作,但攔截的URL似乎工作正常](http://stackoverflow.com/questions/6651119/secured-does-not-work-in-controller-but-intercept-url-seems-to-be-working-fine) – 2015-03-02 13:54:19

回答

1

嘗試在彈簧servlet.xml中使用@PreAuthorize

@PreAuthorize("hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_APPROVAL_PENDING')") 

把[@Secured以下

<security:global-method-security 
     pre-post-annotations="enabled" secured-annotations="enabled" /> 
    <mvc:annotation-driven /> 
+1

謝謝你幫助,我解決了這個問題。我把在mvc-dispatcher.xml中。 – 2015-03-04 05:22:10

+0

不客氣。然後接受答案 – LynAs 2015-03-04 05:24:07