问题:
Spring Security注释@preauthoritze不起作用
澹台欣怿
我尝试使用Spring security 3.1
但当我ROLE_USER权限
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:s="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<s:global-method-security pre-post-annotations="enabled">
<!-- <s:expression-handler ref="expressionHandler"/> -->
</s:global-method-security>
<s:http pattern="/css/**" security="none" />
<s:http pattern="/js/**" security="none" />
<s:http pattern="/favicon.ico" security="none" />
<s:http pattern="/index.jsp" security="none" />
<s:http auto-config="true" use-expressions="true" access-denied-page="/denied.jsp">
<s:intercept-url pattern="/web/index" access="permitAll" />
<s:intercept-url pattern="/web/**" access="isAuthenticated()"/>
<s:intercept-url pattern="/web/study/*" access="hasRole('ROLE_USER')"/>
<s:form-login />
<s:logout />
<s:session-management>
<s:concurrency-control
error-if-maximum-exceeded="true" max-sessions="1" expired-url="/expired.jsp" />
</s:session-management>
</s:http>
<!-- Declare an authentication-manager to use a custom userDetailsService -->
<s:authentication-manager>
<s:authentication-provider user-service-ref="userDetailsService">
<s:password-encoder ref="passwordEncoder" />
</s:authentication-provider>
</s:authentication-manager>
<!-- Use a Md5 encoder since the user's passwords are stored as Md5 in the
database -->
<bean
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"
id="passwordEncoder" />
<s:authentication-manager alias="authenticationManager">
<!-- If you want to use a database, then you can use -->
<s:authentication-provider user-service-ref="userDetailsService">
<s:password-encoder ref="passwordEncoder" />
</s:authentication-provider>
</s:authentication-manager>
</beans>
和控制程序代码
package com.app.web.study.language.action;
import java.util.*;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import com.app.web.common.BaseController;
import com.app.web.study.language.service.impl.StudyServiceImpl;
@Controller
public class StudyController extends BaseController {
protected static Logger logger = LoggerFactory.getLogger("StudyController");
@Resource(name="studyServiceImpl")
private StudyServiceImpl studyServiceImpl;
@PreAuthorize("hasRole('ROLE_ADMIN')")
@RequestMapping(value = "/study/list", method = RequestMethod.GET)
public String study( Locale locale
, Model model
, HttpServletRequest req) {
logger.info("study", locale);
HashMap<String, Object> parameters = new HashMap<String, Object>();
List list = studyServiceImpl.getList(parameters);
model.addAttribute("ctx", getCrreuntUrl() );
model.addAttribute("list", list );
//model.addAttribute("activeUsers", getlistActiveUsers());
return "base.study";
}
}
共有1个答案
楚嘉
您可能遇到这个问题Spring Security FAQ吗
类似资料:
-
我有一个简单的类叫BeaconDao 然而,当我用@service或@component标记beaconDao时,一切都运行得非常好。有人能看出问题所在吗?
-
问题内容: 我正在尝试使用Java批注,但似乎无法使我的代码认识到其中存在。我究竟做错了什么? 问题答案: 您需要使用注释界面上的@Retention注释将注释指定为运行时注释。 即
-
问题内容: 我知道有一些关于此的帖子,但是它们大约一年了,没有任何回应。实际上,我们在PostgreSQL 8.4上使用的是Hibernate 4.2.1.Final。我们有两个这样的实体 实体A(顶级层次结构类) 实体B(子类) 如您所见,使用注释了一个实体,但是当使用来获取顶级类时 我们也通过属性获得了B子类。实际上,SQL语句包含。这仍然是Hibernate第四版中的错误,还是我做错了什么?
-
问题内容: 我从Spring Framework开始,想做一个带有注释的HelloWorld,我已经创建了一个控制器和一个视图,我猜它是基本的hello工作。但是,我想使用注释,因为我不能再使用SimpleFormController(已弃用)。 我收到的错误是Estado HTTP 404-/av/index.jsp 我正在使用Netbeans,并将示例基于它提供的基本模板。我有以下文件,我可以
-
我尝试使用SmtpAuthenticator创建邮件服务。组件已正确启动,但用户名和密码字段中存在空值。为什么会这样?