Spring框架安全性@preauthorize注释在osgi中不起作用 [英] spring framework security @preauthorize annotation not working in osgi
问题描述
我将osgi与基于spring注释的config一起使用. (使用virgo部署应用程序)
方法impl上的@preauthorize注释不起作用.
尽管没有角色,它仍允许用户访问它.
I am using osgi with spring annotations based config. (using virgo to deploy the app)
@preauthorize annotations on the method impl are not working.
It is allowing the user to access it despite not having the role.
如果我在界面上放置相同的注释,它将为所有用户抛出AccessDenied异常. 例外:
If I put the same annotations on interface, it throws AccessDenied exception for all the users. Exception:
org.springframework.security.access.AccessDeniedException: Access is denied
252881 [http-bio-8080-exec-3] ERROR c.w.HomeController - handleAccessDeniedException####Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:203
at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:64)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at $Proxy421.save(Unknown Source)
at c.w.controllers.HomeController.home(HomeController.java:125)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapte
at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:414)
这是我的配置:
<bean id="expressionHandler"
class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
<property name="permissionEvaluator" ref="aclPermissionEvaluator"/>
</bean>
<global-method-security pre-post-annotations="enabled" run-as-manager-ref="runAsManager"
secured-annotations="enabled">
<expression-handler ref="expressionHandler" />
</global-method-security>
我正在使用spring-security 3.0.4.RELEASE
I am using spring-security 3.0.4.RELEASE
推荐答案
我在一个捆绑软件中使用了@Preauthorize批注,并在另一个捆绑软件中定义了global-method-security
将其移至同一捆绑包后,此问题已得到解决.
I used @Preauthorize annotations in one bundle and defined global-method-security in another bundle
The issue got fixed after moving it to the same bundle.
这篇关于Spring框架安全性@preauthorize注释在osgi中不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!