如何在spring security中添加@secure注释

2018-06-24 13:09:03

如何在控制器的方法中添加@Secure annoatation并使其运行？现在，当我运行它时，得到了如下异常：

org.springframework.beans.factory.BeanCreationException：在文件[C： workspace sts springsource vfabric-tc-server-developer-2.6.1.RELEASE spring-insight-instance中定义名称'companyController' wtpwebapps BillingEngine WEB-INF classes com sesami common management web controller CompanyController.class]：bean初始化失败; 嵌套的异常是org.springframework.aop.framework.AopConfigException：意外的AOP异常; 嵌套异常是org.springframework.beans.factory.BeanCreationException：使用名称'org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor＃0'创建bean时出错：无法在设置bean属性'accessDecisionManager时解析对bean'accessDecisionManager'的引用“; 嵌套异常是org.springframework.beans.factory.NoSuchBeanDefinitionException：没有名为'accessDecisionManager'的bean在org.apache.catalina.core.StandardContext中定义org.apache.catalina.core.StandardContext.listenerStart（StandardContext.java:4723）$ 1 .call（java.lang.Thread.run处的StandardContext.java（未知源））引起的：org.springframework.aop.framework.AopConfigException：意外的AOP异常;嵌套的异常是org.springframework.beans.factory.BeanCreationException：创建错误名为'org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor＃0'的bean：设置bean属性'accessDecisionManager'时无法解析对bean'accessDecisionManager'的引用;嵌套异常在... 19更多

我有spring security .xml

http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-安全3.0.xsd“>

<global-method-security secured-annotations="enabled">
<!-- 
<protect-pointcut access="ROLE_ADMIN"
        expression="execution(* com.sesami.common.management.web.controller.AdminController.*(..))" />
         -->
</global-method-security>

<!-- URL pattern based security -->
<http auto-config="false" entry-point-ref="authenticationEntryPoint"
    use-expressions="true">
    <custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" />
    <intercept-url access="hasRole('ROLE_ADMIN')" pattern="/common/admin/**" />
    <intercept-url pattern="/common/accounting/**" access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/common/billing/**" access="hasRole('ROLE_COMPANY')" />
    <logout logout-success-url="/" logout-url="/logout"/>

</http>.........

在控制器中，我添加这样的

@Secure("ROLE_ADMIN")
@RequestMapping(value = "/common/admin/addAdmin", method = RequestMethod.GET)
    public String add(ModelMap map) {
        map.addAttribute(new Administrator());
        return "/common/admin/addAdmin";
    }

我是否需要配置或导入某个类？

Cannot resolve reference to bean 'accessDecisionManager' while setting bean property 'accessDecisionManager'; nested exception is
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'accessDecisionManager' is defined

Spring应该为你创建一个默认的accessDecisionManager，但看起来没有发生，可能是由于一些配置问题。只是踢脚本如果你在你的http配置中将auto-config设置为true，会发生什么？

<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased" xmlns="http://www.springframework.org/schema/beans">
    <constructor-arg>
        <list>
            <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
            <bean class="org.springframework.security.access.vote.RoleVoter" />
            <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
        </list>
    </constructor-arg>
</bean>

你必须定义这个bean。

链接地址: http://www.djcxy.com/p/68763.html

上一篇: how to add @secure annotation in spring security

下一篇: Spring 3.1: DataSource not autowired to @Configuration class