Gre*_*bin 3 spring-mvc spring-security spring-annotations
我正在使用spring MVC和spring security.
我有注释驱动的控制器,并尝试添加安全注释.
控制器代码:
@Controller
public class SomeController implements MessageSourceAware {
@Secured("ROLE_ADMIN")
@RequestMapping(value = "/somepage", method = RequestMethod.GET)
public String getPage(HttpServletRequest request, ModelMap model) {
// logic
return ADMIN_VIEW_NAME;
}我的spring-security.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:global-method-security secured-annotations="enabled" />
<security:http auto-config="true" use-expressions="true" access-denied-page="/denied">
<security:intercept-url pattern="/login" access="permitAll"/>
<!--<security:intercept-url pattern="/admin" access="hasRole('ROLE_ADMIN')"/>-->
<security:form-login
login-page="/login"
authentication-failure-url="/login?error=true"
default-target-url="/index"/>
<security:logout
invalidate-session="true"
logout-success-url="/login"
logout-url="/logout"/>
</security:http>
<!-- Declare an authentication-manager to use a custom userDetailsService -->
<security:authentication-manager>
<security:authentication-provider user-service-ref="authManager">
<security:password-encoder ref="passwordEncoder"/>
</security:authentication-provider>
</security:authentication-manager>
<!-- Use a SHA encoder since the user's passwords are stored as SHA in the database -->
<bean class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" id="passwordEncoder"/>
<!-- A custom service where Spring will retrieve users and their corresponding access levels -->
<bean id="authManager" class="some.package.AdminManager"/>
</beans>当我尝试打开安全页面时,我收到以下错误:
org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.IllegalArgumentException: object is not an instance of declaring class
HandlerMethod details:
Controller [$Proxy139]
Method [public java.lang.String SomeController.getPage(javax.servlet.http.HttpServletRequest,org.springframework.ui.ModelMap)]
Resolved arguments:
[0] [type=org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper] [value=SecurityContextHolderAwareRequestWrapper[ FirewalledRequest[ org.apache.catalina.connector.RequestFacade@7a31c825]]]
[1] [type=org.springframework.validation.support.BindingAwareModelMap] [value={}]如果我删除了安全注释并取消注释以下行spring-security.xml:
<security:intercept-url pattern="/admin" access="hasRole('ROLE_ADMIN')"/>一切正常.
感谢您的任何帮助.
cha*_*had 12
移动
<security:global-method-security secured-annotations="enabled" />
从spring-security.xml到主调度程序servlet引用的xml文件,通常类似于servlet-context.xml或application-context.xml
请参见 http://static.springsource.org/spring-security/site/faq/faq.html#faq-method-security-in-web-context
另外,我认为您需要将"proxy-target-class ="true"'添加到global-method-security注释中,以及
<security:global-method-security secured-annotations="enabled" proxy-target-class="true"/>
| 归档时间: |
|
| 查看次数: |
5530 次 |
| 最近记录: |