1
我創建了一個實現FilterInvocationSecurityMetadataSource接口的類。filterSecurityInterceptor和元數據源實現spring-security
我實現這樣的:
public List<ConfigAttribute> getAttributes(Object object) {
FilterInvocation fi = (FilterInvocation) object;
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
Long companyId = ((ExtenededUser) principal).getCompany().getId();
String url = fi.getRequestUrl();
// String httpMethod = fi.getRequest().getMethod();
List<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>();
FilterSecurityService service = (FilterSecurityService) SpringBeanFinder.findBean("filterSecurityService");
Collection<Role> roles = service.getRoles(companyId);
for (Role role : roles) {
for (View view : role.getViews()) {
if (view.getUrl().equalsIgnoreCase(url))
attributes.add(new SecurityConfig(role.getName() + "_" + role.getCompany().getName()));
}
}
return attributes;
}
當調試我的應用程序,我看到它到達此類時,它只達到getAllConfigAttributes方法,那就是空的,因爲我說了,返回null。之後它將打印此警告: 由於SecurityMetadataSource未從getAllConfigAttributes()返回任何屬性,因此無法驗證配置屬性。
我aplicationContext-安全是這樣的:
<beans:bean id="filterChainProxy"
class="org.springframework.security.web.FilterChainProxy">
<filter-chain-map path-type="ant">
<filter-chain filters="sif,filterSecurityInterceptor"
pattern="/**" />
</filter-chain-map>
</beans:bean>
<beans:bean id="filterSecurityInterceptor"
class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="accessDecisionManager" ref="accessDecisionManager" />
<beans:property name="securityMetadataSource" ref="filterSecurityMetadataSource" />
</beans:bean>
<beans:bean id="filterSecurityMetadataSource"
class="com.mycompany.filter.FilterSecurityMetadataSource">
</beans:bean>
可能是什麼問題呢?