how to add @secure annotation in spring security

 

how to add @Secure annoatation in controller's method and make it run? Now when I run it the got the exception like :

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'companyController' defined in file [C:workspacestsspringsourcevfabric-tc-server-developer-2.6.1.RELEASEspring-insight-instancewtpwebappsBillingEngineWEB-INFclassescomsesamicommonmanagementwebcontrollerCompanyController.class]: Initialization of bean failed; nested exception is org.springframework.aop.framework.AopConfigException: Unexpected AOP exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor#0': Cannot resolve reference to bean 'accessDecisionManager' while setting bean property 'accessDecisionManager'; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'accessDecisionManager' is defined org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4723) at org.apache.catalina.core.StandardContext$1.call(StandardContext.java at java.lang.Thread.run(Unknown Source) Caused by: org.springframework.aop.framework.AopConfigException: Unexpected AOP exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor#0': Cannot resolve reference to bean 'accessDecisionManager' while setting bean property 'accessDecisionManager'; nested exception is at ... 19 more

I have spring security .xml

http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> 

<global-method-security secured-annotations="enabled">
<!-- 
<protect-pointcut access="ROLE_ADMIN"
        expression="execution(* com.sesami.common.management.web.controller.AdminController.*(..))" />
         -->
</global-method-security>

<!-- URL pattern based security -->
<http auto-config="false" entry-point-ref="authenticationEntryPoint"
    use-expressions="true">
    <custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" />
    <intercept-url access="hasRole('ROLE_ADMIN')" pattern="/common/admin/**" />
    <intercept-url pattern="/common/accounting/**" access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/common/billing/**" access="hasRole('ROLE_COMPANY')" />
    <logout logout-success-url="/" logout-url="/logout"/>

</http>.........

And in controller i add like this 

@Secure("ROLE_ADMIN")
@RequestMapping(value = "/common/admin/addAdmin", method = RequestMethod.GET)
    public String add(ModelMap map) {
        map.addAttribute(new Administrator());
        return "/common/admin/addAdmin";
    }

Do i need to config or import some class? 

Cannot resolve reference to bean 'accessDecisionManager' while setting bean property 'accessDecisionManager'; nested exception is
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'accessDecisionManager' is defined

Spring should be creating a default accessDecisionManager for you, but it looks like that isn't happening, probably due to some configuration issue. Just for kicks what happens if you set auto-config to true in your http config? 

<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased" xmlns="http://www.springframework.org/schema/beans">
    <constructor-arg>
        <list>
            <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
            <bean class="org.springframework.security.access.vote.RoleVoter" />
            <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
        </list>
    </constructor-arg>
</bean>

你必须定义这个bean。

链接地址: http://www.djcxy.com/p/68764.html

上一篇: Spring Data Neo4j和PlayFramework 2.1.1的正确配置是什么?

下一篇: 如何在spring security中添加@secure注释