Java Spring MVC+;安全@安全的+@请求映射
我有以下控制器:Java Spring MVC+;安全@安全的+@请求映射,java,spring-mvc,spring-security,Java,Spring Mvc,Spring Security,我有以下控制器: @Controller @RequestMapping("/api") public class APIProvider { @Secured(value = {"isAuthenticated()"}) @RequestMapping(value="/secure/{app}/{query}", method=RequestMethod.GET) @ResponseBody public ResponseEntity<String>
@Controller
@RequestMapping("/api")
public class APIProvider {
@Secured(value = {"isAuthenticated()"})
@RequestMapping(value="/secure/{app}/{query}", method=RequestMethod.GET)
@ResponseBody
public ResponseEntity<String> getList(HttpServletRequest request,
@PathVariable("app") String app,
@PathVariable("query") String query) {
//....DO SMTH
}
}
有人能帮我让
@security
+@RequestMapping
一起工作吗?在您的security.xml文件中,在添加以下行后,尝试使用此@security(“完全验证”)
:
<http use-expressions="true">
<intercept-url pattern="/api/secure/**" access="isFullyAuthenticated() />
</http>
我认为还需要包含安全表达式处理程序
<security:global-method-security pre-post-annotations="enabled" >
<security:expression-handler ref="expressionHandler"/>
</security:global-method-security>
<beans:bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHa ndler">
<beans:property name="permissionEvaluator" ref="permissionEvaluator"/>
</beans:bean>
我猜isAuthenticated()无法重新加载。我认为您应该使用@Secured(value=“ROLE\u AUTHENTICATED”)仍然获得“页面未找到”。我应该在security-config.xml中定义经过身份验证的角色吗?或者它是由spring本身预定义的?我认为这取决于您如何配置authenticationProvider,因为我们使用sso,我们的默认角色是role_AUTHENTICATED:仍然收到“Page Not Found”消息
<security:global-method-security pre-post-annotations="enabled" >
<security:expression-handler ref="expressionHandler"/>
</security:global-method-security>
<beans:bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHa ndler">
<beans:property name="permissionEvaluator" ref="permissionEvaluator"/>
</beans:bean>