PreAuthorize 注释不适用于球衣 [英] PreAuthorize annotation doesn't work with jersey

问题描述

我正在尝试使用 spring 安全注释来保护 jersey 服务，但没有任何运气.

I'm trying to secure a jersey service using spring security annotations without any luck.

我已将此部分添加到 web.xml:

I've added this section to web.xml:

<servlet>
    <servlet-name>Jersey REST Service</servlet-name>
    <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
    <init-param>
        <param-name>jersey.config.server.provider.packages</param-name>
        <param-value>com.test.proj.ui.web.rest;com.fasterxml.jackson.jaxrs</param-value>
    </init-param>
    <init-param>
        <param-name>javax.ws.rs.Application</param-name>
        <param-value>com.test.commons.ui.web.jersey.RestApplication</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

还在 applicationContext 上启用了 pre-post-annotations:

Also enabled the pre-post-annotations using this on applicationContext:

<global-method-security secured-annotations="enabled" pre-post-annotations="enabled" />

这是我的服务类:

@Component
@Path("/user/{uid: .*}")
public class UserResource {
    @GET
    @Produces(MediaType.APPLICATION_JSON)
    @PreAuthorize("hasRole('ROLE_MANAGE_USER')")
    public Response getUserDetail(@PathParam("uid") String uid) {
        return "Hi, this is a test";
    }
}

Spring 安全性在身份验证中运行良好，但授权没有按预期工作，并且忽略 PreAuthorize 注释而没有任何错误或日志.

Spring security works well in authentication but the authorization doesn't work as expected and ignores the PreAuthorize annotation without any error or log.

我使用的是 Spring 3.2.4 和 Spring Security 3.2.1 以及 Jersy 2.6.

I'm using Spring 3.2.4 and Spring Security 3.2.1 and Jersy 2.6.

有什么想法吗?

谢谢

推荐答案

spring 组件扫描没有正确配置！要解决这个问题，只需正确添加组件扫描即可.

The spring component scan wasn't configured correctly! To solve the problem, only add component scan correctly and it works.

这篇关于PreAuthorize 注释不适用于球衣的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！