PreAuthorize批注不适用于jersey [英] PreAuthorize annotation doesn't work with jersey

问题描述

我正在尝试使用春季安全注释来保护球衣服务，但没有任何运气.

I'm trying to secure a jersey service using spring security annotations without any luck.

我已将本节添加到web.xml:

I've added this section to web.xml:

<servlet>
    <servlet-name>Jersey REST Service</servlet-name>
    <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
    <init-param>
        <param-name>jersey.config.server.provider.packages</param-name>
        <param-value>com.test.proj.ui.web.rest;com.fasterxml.jackson.jaxrs</param-value>
    </init-param>
    <init-param>
        <param-name>javax.ws.rs.Application</param-name>
        <param-value>com.test.commons.ui.web.jersey.RestApplication</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

还在applicationContext上使用此功能启用了后期注释:

Also enabled the pre-post-annotations using this on applicationContext:

<global-method-security secured-annotations="enabled" pre-post-annotations="enabled" />

这是我的服务班级:

@Component
@Path("/user/{uid: .*}")
public class UserResource {
    @GET
    @Produces(MediaType.APPLICATION_JSON)
    @PreAuthorize("hasRole('ROLE_MANAGE_USER')")
    public Response getUserDetail(@PathParam("uid") String uid) {
        return "Hi, this is a test";
    }
}

Spring安全性在身份验证中效果很好，但是授权不能按预期工作，并且会忽略PreAuthorize批注，而不会出现任何错误或日志.

Spring security works well in authentication but the authorization doesn't work as expected and ignores the PreAuthorize annotation without any error or log.

我正在使用Spring 3.2.4，Spring Security 3.2.1和Jersy 2.6.

I'm using Spring 3.2.4 and Spring Security 3.2.1 and Jersy 2.6.

有什么主意吗?

谢谢

推荐答案

spring组件扫描未正确配置！要解决该问题，只需正确添加组件扫描即可.

The spring component scan wasn't configured correctly! To solve the problem, only add component scan correctly and it works.

这篇关于PreAuthorize批注不适用于jersey的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！