SpringBoot SpringSecurity ACL @PostFilter

Question

我使用...

springBootVersion = '1.2.4.RELEASE' 
springVersion = '4.1.6.RELEASE' 
springSecurityVersion = '4.0.0.M2' 


@Configuration 
@EnableGlobalMethodSecurity(prePostEnabled = true) 
@EnableWebMvcSecurity 
@Profile(ElmProfile.HAS_AUTHENTICATION) 
public class SecurityXXX extends WebSecurityConfigurerAdapter { 

} 

Application.java具有相應

@ComponentScan 

logging.level.org.springframework.security=TRACE 

問題： 有一些奇怪的行爲...

There are may post filter annotations are defined on the service interface , but in the logs it shows its detected the annotation on the service impl class instead !?. 

Althought there are many such methods on the service interface with only one method is detected 

是的服務有@Service註釋，如下圖所示：

@Validated 
public interface SiteService { 
    @PostFilter("hasPermission(filterObject, 'read')") 
    @NotNull 
    List<Site> getSitesWithBins(); 

    @PostFilter("hasPermission(filterObject, 'read')") 
    @NotNull 
    List<Site> getAllSitesRestricted(); 

    @PostFilter("hasPermission(filterObject, 'read')") 
    @NotNull 
    List<Site> getAllSites(); 

    @PostFilter("hasPermission(filterObject, 'read')") 
    @NotNull 
    List<Site> findSitesByMain(final boolean isMain); 

    @NotNull 
    List<Site> getSitesByTransferType(@Min(1) final Long siteId, @NotNull final TransferType.Code transferType); 

    @PostFilter("hasPermission(filterObject, 'read')") 
    Site getSite(@Min(1) final Long siteId); 


@Service 
@Transactional 
@RequiredArgsConstructor(onConstructor = @__(@Autowired)) 
public class SiteServiceImpl implements SiteService { 

     //implementas all the service interface methods 
} 

The stack trace below shows that only one method was found , all the methods are not found i.e. only the @PostFilter on the getSite() method is found .. 
2015-06-26 19:23:17.986 TRACE 13561 --- [   main] .PrePostAnnotationSecurityMetadataSource : Looking for Pre/Post annotations for method 'getSite' on target class 'class au.com.xxx.xxxx.inventory.main.service.SiteServiceImpl' 
2015-06-26 19:23:17.987 DEBUG 13561 --- [   main] .PrePostAnnotationSecurityMetadataSource : @org.springframework.security.access.prepost.PostFilter(value=hasPermission(filterObject, 'read')) found on specific method: public au.com.xxxx.xxxx.inventory.main.domain.Site au.com.xxxx.xxxx.inventory.main.service.SiteServiceImpl.getSite(java.lang.Long) 
2015-06-26 19:23:17.990 DEBUG 13561 --- [   main] m.DelegatingMethodSecurityMetadataSource : Caching method [CacheKey[au.com.xxxx.xxxx.inventory.main.service.SiteServiceImpl; public abstract au.com.xxxx.xxxx.inventory.main.domain.Site au.com.xxxx.xxxx.inventory.main.service.SiteService.getSite(java.lang.Long)]] with attributes [[authorize: 'permitAll', filter: 'null', filterTarget: 'null'], [authorize: 'null', filter: 'hasPermission(filterObject, 'read')']] 

因此，奇怪的是其他註釋在服務接口上被忽略，並且一種特定的方法被認爲具有註釋。 根據上面的日誌語句，Alss是一件奇怪的事情，它在服務實現類上找到了@PostFilter，但是它們在接口中定義了!!!!!!而且我確信在類路徑中沒有其他接口/類具有相同的名稱。

Answer 1

你的堆棧跟蹤不清楚。如果您可以準確地發佈完整的日誌，那將會很有幫助。不過，這裏有一個快速解決方案，請檢查您是否在您的ServiceImpl calss上添加了@Service註釋，並確保您的服務包應該在其中進行配置。記得在春天，每件事物都是一個組件，因此它們將用@Component註解表示，@Service和@Repository是@Component的子註解。