spring 不强制执行方法安全注释 [英] spring not enforcing method security annotations
本文介绍了spring 不强制执行方法安全注释的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我对为什么 spring 没有在我的服务接口上强制执行 @Secured("ROLE_USER") 有一些误解.我的控制器是使用注释建立的.
I'm some what lost as to why spring isn't enforcing the @Secured("ROLE_USER") on my service interface. My controllers are established using annotations.
我的服务接口示例
public interface MyServiceManager {
@Secured("ROLE_USER")
public void delete(int cid);
@RolesAllowed({"ROLE_USER"})
public Contact getContact(int contactId);
}
我的安全上下文:
<global-method-security secured-annotations="enabled" jsr250-annotations="enabled">
</global-method-security>
<http auto-config="true" >
<intercept-url pattern="/secure/**" access="ROLE_SUPERVISOR" />
<intercept-url pattern="/addcontact**" access="IS_AUTHENTICATED_REMEMBERED" />
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<concurrent-session-control max-sessions="1"
exception-if-maximum-exceeded="true"/>
<form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=1"/>
<logout logout-success-url="/welcome.do" logout-url="/logout"/>
</http>
<authentication-provider>
<password-encoder hash="md5"/>
<user-service>
<user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
</user-service>
</authentication-provider>
推荐答案
你有说法吗
<global-method-security secured-annotations="enabled" jsr250-annotations="enabled" />
在与您定义 MyServiceManager bean 相同的配置文件中?在我为 org.springframework 打开调试之前,我遇到了同样的问题,并注意到 spring 安全仅应用于与定义 global-method-security 的文件相同的文件.
in the same configuration file as the one you defined the MyServiceManager bean? I had the same problem until I turned on debug for org.springframework, and noticed that spring security was only applied on the same file as the ones where global-method-security was defined in.
这篇关于spring 不强制执行方法安全注释的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文