相关疑难解决方法(0)

我有一个目前适用于java 6和编译时编织的项目.我们使用以下pom来启用spring方面和我们自己的方面:

<plugin>
  <groupId>org.codehaus.mojo</groupId>
  <artifactId>aspectj-maven-plugin</artifactId>
  <version>1.4</version>
      <configuration>
        <showWeaveInfo>true</showWeaveInfo>
        <source>1.6</source>
        <target>1.6</target>
        <Xlint>ignore</Xlint>
        <complianceLevel>1.6</complianceLevel>
        <encoding>UTF-8</encoding>
        <verbose>false</verbose>
        <aspectLibraries>
          <aspectLibrary>
             <groupId>org.springframework</groupId>
             <artifactId>spring-aspects</artifactId>
          </aspectLibrary>
        </aspectLibraries>
      </configuration>
      <executions>
        <execution>
          <goals>
            <goal>compile</goal>
            <goal>test-compile</goal>
          </goals>
        </execution>
      </executions>
    </plugin>

我已尝试过各种配置,但无法使其与java 7一起使用.如果有人可以共享工作pom或引导它会很棒.

我长期坚持这个问题.我想用来@Secure为我的控制器添加访问控制,ArticleController.java如下所示:

@RequestMapping(headers = "Accept=application/json")
@ResponseBody
@Secured("ROLE_ADMIN")
public ResponseEntity<String> listJson() {
    HttpHeaders headers = new HttpHeaders();
    headers.add("Content-Type", "application/json; charset=utf-8");
    List<Article> result = Article.findAllArticles();
    return new ResponseEntity<String>(Article.toJsonArray(result), headers, HttpStatus.OK);
}

listJson返回一个Json对象,Articles但只有Admin可以读取它们.好了,我现在配置Spring-Security来实现这个功能.

我使用security setupSpring-ROO的功能,生成以下配置:

在web.xml中:

     <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath*:META-INF/spring/applicationContext*.xml</param-value>
     </context-param>
....
    <servlet>
        <servlet-name>BabyPortal</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>WEB-INF/spring/webmvc-config.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

在spring/webmvc-config.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security" 
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:p="http://www.springframework.org/schema/p"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"   
    xmlns:tx="http://www.springframework.org/schema/tx"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd                 http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd                 http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd      http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd   http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd">

    <tx:annotation-driven/>
    <!-- …

我正在尝试使用Spring @Secured注释和AspectJ自动代理来使用我的Spring MVC应用程序,但它似乎没有代理或识别我的@Secured注释.我有一个像这样的控制器:

@Controller
@RequestMapping("/")
public class ApplicationController {

    private ApplicationFactory applicationFactory;

    @Inject
    public ApplicationController(ApplicationFactory applicationFactory) {
        super();
        this.applicationFactory = applicationFactory;
    }

    @Secured("ROLE_USER")
    @ResponseBody
    @RequestMapping(method = GET)
    public Application getApplicationInfo() {
        return applicationFactory.buildApplication(this);
    }

}

一个Spring安全XML看起来像这样:

码:

  <security:global-method-security secured-annotations="enabled" mode="aspectj" proxy-target-class="true" />

  <security:http auto-config="true" use-expressions="true">
    <security:http-basic/>
  </security:http>

上面是由no-xml Spring @Configuration组件加载的,如下所示:

@Configuration
@ComponentScan(basePackages = {"com.example"})
@EnableWebMvc
@ImportResource("classpath:security.xml")
public class ApplicationConfiguration extends WebMvcConfigurerAdapter {

}

反过来使用Servlet 3.0 WebApplicationInitializer加载:

public class SpringMvcInitializer implements WebApplicationInitializer {

    private final AnnotationConfigWebApplicationContext context = new AnnotationConfigWebApplicationContext();

    public …