小编Tw1*_*sty的帖子

我正在使用Spring框架mvc 3 + spring security 3.我想在我的spring security中启用角色层次结构.根据http://static.springsource.org/spring-security/site/docs/3.1.x/reference/authz-arch.html我应该写

<bean id="roleVoter" class="org.springframework.security.access.vote.RoleHierarchyVoter">
    <constructor-arg ref="roleHierarchy" />
</bean>
<bean id="roleHierarchy"
    class="org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl">
<property name="hierarchy">
    ROLE_ADMIN > ROLE_STAFF
    ROLE_STAFF > ROLE_USER
    ROLE_USER > ROLE_GUEST
</property>
</bean>

但是我应该把它放在哪里？我试着把它放到我的app-security.xml中:

<beans:beans xmlns="http://www.springframework.org/schema/security" 
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-3.0.xsd">
    <http>
        <intercept-url pattern="/entryPost/**" access="ROLE_USER" requires-channel="https"/>
        <intercept-url pattern="/entryDelete/**" access="ROLE_ADMIN" requires-channel="https"/>
        <intercept-url pattern="/commentDelete/**" access="ROLE_ADMIN" requires-channel="https"/>
        <intercept-url pattern="/login" access="ROLE_ANONYMOUS" requires-channel="https"/>
        <form-login login-page="/login" default-target-url="/entryList/1" authentication-failure-url="/login?error=true" />
        <logout logout-success-url="/login" />
        <session-management>
            <concurrency-control max-sessions="1" />
        </session-management>
        <access-denied-handler error-page="/accessDenied"/>
    </http>
    <authentication-manager>
        <authentication-provider>
            <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="SELECT username,password,'true' …

我正在使用spring framework 3.0.5.

我有一个表格:

<form:form method="POST" modelAttribute="postedEntry">
    Category: <form:select path="category" items="${menus}" itemValue="id" itemLabel="menuName"/><form:errors path="category"/>
    <br/>Title: <form:input path="title"/><form:errors path="title"/>
    <br/>Short Description: <form:textarea path="shortDesc"/><form:errors path="shortDesc"/>
    <br/>Body: <form:textarea path="body"/><form:errors path="body"/>
    <br/><input type="submit" value="POST IT!11"/>
</form:form>

和一个域类条目:

public class Entry {
    private int id;
    private int category;
    private String title;
    private String shortDesc;
    private String body;
    private Date date;
//getters and setters
}

和控制器:

@RequestMapping(value="/entryPost",method=RequestMethod.POST)
public String entryPost(@ModelAttribute("postedEntry") Entry entry,BindingResult result){
    entryValidator.validate(entry, result);
    if(result.hasErrors()){
        return "entryPost";
    }else{
        rusService.postEntry(entry);
        return "redirect:entryPost";
    }
}

在我的服务对象中:

public …