Java: Spring "@RolesAllowed" ignored?

Tags: java, spring-boot, kotlin, spring-security, vaadin

OK, I have a Vaadin application (Vaadin 8 for legacy reasons) that I am integrating with Spring Security.

This works perfectly; non-admin users are denied access:

@Secured("ROLE_ADMIN")
@SpringView(name = AdminHomeView.NAME)
class AdminHomeView : View, VerticalLayout(){
    companion object {
        const val NAME = "admin/home"
    }

    @PostConstruct
    internal fun init(){
        val label = Label()
        label.id = "label.msg"
        label.value = "This is the protected admin section. You are authenticated and authorized."

        this.addComponents(
                label
        )
    }
}

But if I replace @Secured with @RolesAllowed, the annotation is ignored and non-admin users can access the view.

Here is my configuration:

@Configuration
@EnableWebSecurity
@EnableVaadin
@EnableVaadinSharedSecurity
@EnableGlobalMethodSecurity(
        securedEnabled = true,
        prePostEnabled = true, 
        jsr250Enabled = true,
        proxyTargetClass = true
)
class VaadinAwareSecurityConfiguration : WebSecurityConfigurerAdapter {

    private val userDetailsService: UserDetailsService

    @Inject
    constructor(userDetailsService: UserDetailsService) : super() {
        this.userDetailsService = userDetailsService
    }


    override fun configure(http: HttpSecurity) {
        http
            .csrf().disable() //vaadin has its own csrf protection, therefore this must be disabled
            .httpBasic().disable()
            .formLogin().disable()
            .authorizeRequests()
                .antMatchers("/login").anonymous()
                .antMatchers("/vaadinServlet/UIDL/**").permitAll()
                .antMatchers("/vaadinServlet/HEARTBEAT/**").permitAll()
                .anyRequest().authenticated()
                .and()
            .logout()
                .addLogoutHandler(logoutHandler())
                .logoutUrl("/logout")
                .logoutSuccessUrl("/login?goodbye").permitAll()
                .and()
            .exceptionHandling()
                .authenticationEntryPoint(LoginUrlAuthenticationEntryPoint("/login"))
    }

    override fun configure(web: WebSecurity) {
        web
            .ignoring().antMatchers(
                "/VAADIN/**"
            )
    }

    override fun configure(auth: AuthenticationManagerBuilder) {

        auth
                .userDetailsService(userDetailsService)
                .passwordEncoder(passwordEncoder())
    }

    private fun logoutHandler():LogoutHandler{
        return VaadinSessionClosingLogoutHandler()
    }

    @Bean
    fun passwordEncoder(): PasswordEncoder {
        return BCryptPasswordEncoder(12)
    }

    @Bean
    fun myAuthenticationManager():AuthenticationManager{
        return super.authenticationManagerBean()
    }
}

Am I missing something?

Have you tried the suggestions here?

@阿纳斯米: No. That is a completely different problem. Note that it also doesn't make any difference :/