Java: Spring “@RolesAllowed” is ignored?
OK, I have a Vaadin application (Vaadin 8, for legacy reasons) that I am integrating with Spring Security. This works perfectly, and non-admin users are denied access:

    @Secured("ROLE_ADMIN")
    @SpringView(name = AdminHomeView.NAME)
    class AdminHomeView : View, VerticalLayout() {
        companion object {
            const val NAME = "admin/home"
        }

        @PostConstruct
        internal fun init() {
            val label = Label()
            label.id = "label.msg"
            label.value = "This is the protected admin section. You are authenticated and authorized."
            this.addComponents(
                label
            )
        }
    }

But if I replace @Secured with @RolesAllowed, the annotation is ignored and non-admin users can access the view.
This is my configuration:

    @Configuration
    @EnableWebSecurity
    @EnableVaadin
    @EnableVaadinSharedSecurity
    @EnableGlobalMethodSecurity(
        securedEnabled = true,
        prePostEnabled = true,
        jsr250Enabled = true,
        proxyTargetClass = true
    )
    class VaadinAwareSecurityConfiguration : WebSecurityConfigurerAdapter {
        private val userDetailsService: UserDetailsService

        @Inject
        constructor(userDetailsService: UserDetailsService) : super() {
            this.userDetailsService = userDetailsService
        }

        override fun configure(http: HttpSecurity) {
            http
                .csrf().disable() // vaadin has its own csrf protection, therefore this must be disabled
                .httpBasic().disable()
                .formLogin().disable()
                .authorizeRequests()
                    .antMatchers("/login").anonymous()
                    .antMatchers("/vaadinServlet/UIDL/**").permitAll()
                    .antMatchers("/vaadinServlet/HEARTBEAT/**").permitAll()
                    .anyRequest().authenticated()
                .and()
                .logout()
                    .addLogoutHandler(logoutHandler())
                    .logoutUrl("/logout")
                    .logoutSuccessUrl("/login?goodbye").permitAll()
                .and()
                .exceptionHandling()
                    .authenticationEntryPoint(LoginUrlAuthenticationEntryPoint("/login"))
        }

        override fun configure(web: WebSecurity) {
            web
                .ignoring().antMatchers(
                    "/VAADIN/**"
                )
        }

        override fun configure(auth: AuthenticationManagerBuilder) {
            auth
                .userDetailsService(userDetailsService)
                .passwordEncoder(passwordEncoder())
        }

        private fun logoutHandler(): LogoutHandler {
            return VaadinSessionClosingLogoutHandler()
        }

        @Bean
        fun passwordEncoder(): PasswordEncoder {
            return BCryptPasswordEncoder(12)
        }

        @Bean
        fun myAuthenticationManager(): AuthenticationManager {
            return super.authenticationManagerBean()
        }
    }

Am I missing something?

Have you tried the suggestion here?

@Anasmi: No. That is a completely different problem. Note that it would not make any difference either :/