Java Spring安全注释配置不执行任何操作
我在设置Spring Security时遇到问题。 首先,我有一个配置类,类似这样:Java Spring安全注释配置不执行任何操作,java,spring,hibernate,spring-mvc,spring-security,Java,Spring,Hibernate,Spring Mvc,Spring Security,我在设置Spring Security时遇到问题。 首先,我有一个配置类,类似这样: @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity @ComponentScan("com.boardviewer") public class BoardviewerConfiguration extends WebSecurityConfigurerAdapter { @Inject private Boardview
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity
@ComponentScan("com.boardviewer")
public class BoardviewerConfiguration extends WebSecurityConfigurerAdapter {
@Inject
private BoardviewerSecurityService boardviewerSecurityService;
@Bean
public InternalResourceViewResolver internalResourceViewResolver() {
InternalResourceViewResolver resolver = new InternalResourceViewResolver();
resolver.setPrefix("/WEB-INF/pages/");
resolver.setSuffix(".jsp");
return resolver;
}
@Bean /* The "${props} can now be parsed before runtime with this bean declaration */
public static PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer() {
return new PropertySourcesPlaceholderConfigurer();
}
/* Spring Sec */
@Bean
public DaoAuthenticationProvider daoAuthenticationProvider() {
DaoAuthenticationProvider dao = new DaoAuthenticationProvider();
dao.setUserDetailsService(boardviewerSecurityService);
return dao;
}
@Bean
public ProviderManager providerManager() {
List<AuthenticationProvider> list = new ArrayList<AuthenticationProvider>();
list.add(daoAuthenticationProvider());
return new ProviderManager(list);
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
super.configure(auth);
auth.authenticationProvider(daoAuthenticationProvider());
auth.userDetailsService(boardviewerSecurityService);
}
}
@Service
public class BoardviewerSecurityService implements UserDetailsService {
@Inject
private UserDAO userDAO;
@Inject
private BoardviewerTransformer transformer;
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
User u = userDAO.getByUsername(s);
if(u == null) {
throw new UsernameNotFoundException("Couldn't find a user with that username");
} else {
return transformer.userToSpringUser(u);
}
}
}
转换器只需将实体重新映射到SpringUserDetails用户对象org.springframework.security.core.UserDetails.User
我错过什么了吗?设置登录页面和url拦截器的一部分?我想我不需要这些,因为我只想控制类/方法级别的访问
非常感谢您的帮助
关于安全性仅在与中定义的bean相同的应用程序上下文中工作。将@EnableGlobalMethodSecurity移动/或添加到DispatcherServlet.@M.Deinum加载的配置中,但这是我唯一的配置文件。除了mvc-dispatcher-servlet.xml配置文件。但它几乎只包含注释驱动的属性。我把它贴在这里:我所有的bean都在第一个配置类中,我把它贴在OP的顶部。我需要添加一些东西来告诉Spring Security它应该是注释驱动的吗?问题是安全性是通过AOP应用的,AOP与BeanFactoryPostProcessors一起工作。这些只在相同应用程序上下文中的bean上运行。我猜这个配置类是由ContextLoaderListener而不是DispatcherServlet加载的。向mvc-dispatcher-servlet.xml添加标记。或者创建一个@Configuration类,将@EnableGlobalMethodSecurity置于其上,并将该类置于DispatcherServlet@M.Deinum您所说的行是什么意思,并将该类放置在DispatcherServlet的配置中?就像用?@M.Deinum声明一样,我在mvc-dispatcher-servlet.xml中有一个组件扫描,它不应该找到所有的@Configuration文件吗?它仍然不起作用。