Spring mvc @预授权Being被Spring忽略
我正在使用Spring Security在我的WebApp中进行角色检查 spring-security-config.xmlSpring mvc @预授权Being被Spring忽略,spring-mvc,spring-security,Spring Mvc,Spring Security,我正在使用Spring Security在我的WebApp中进行角色检查 spring-security-config.xml <http auto-config="true" authentication-manager-ref="adminAuthMgr"> <intercept-url pattern="/admin/**" access="hasAuthority('PERM_ACCESS_ADMIN
<http auto-config="true" authentication-manager-ref="adminAuthMgr">
<intercept-url pattern="/admin/**"
access="hasAuthority('PERM_ACCESS_ADMIN_AREA')" />
<form-login login-page="/login" default-target-url="/admin/dashboard"
authentication-failure-url="/login?error"
username-parameter="username" password-parameter="password"
login-processing-url="/j_spring_security_check" />
<logout logout-url="/j_spring_security_logout"
logout-success-url="/login?logout" />
<csrf />
</http>
<global-method-security pre-post-annotations="enabled"/>
<authentication-manager alias="adminAuthMgr">
<authentication-provider
user-service-ref="liveUserDetailsService">
<password-encoder hash="bcrypt" />
</authentication-provider>
</authentication-manager>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd ">
<context:component-scan base-package="de.paluno.live" />
<global-method-security pre-post-annotations="enabled"/>
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass"
value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/WEB-INF/views/jsp/" />
<property name="suffix" value=".jsp" />
</bean>
<bean id="multipartResolver"
class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<property name="maxUploadSize" value="100000" />
</bean>
<mvc:resources mapping="/resources/**" location="/resources/" />
<mvc:annotation-driven />
<mvc:interceptors>
<bean
class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
<property name="paramName" value="language" />
</bean>
</mvc:interceptors>
</beans>
<global-method-security pre-post-annotations="enabled"/>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<security:global-method-security pre-post-annotations="enabled"/>
有人知道为什么忽略注释吗
<servlet>
<servlet-name>spring-mvc-servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-mvc-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>
</servlet>
SpringMVCServlet
org.springframework.web.servlet.DispatcherServlet
上下文配置位置
/WEB-INF/spring-mvc-config.xml
1.
真的
spring-mvc-config.xml
<http auto-config="true" authentication-manager-ref="adminAuthMgr">
<intercept-url pattern="/admin/**"
access="hasAuthority('PERM_ACCESS_ADMIN_AREA')" />
<form-login login-page="/login" default-target-url="/admin/dashboard"
authentication-failure-url="/login?error"
username-parameter="username" password-parameter="password"
login-processing-url="/j_spring_security_check" />
<logout logout-url="/j_spring_security_logout"
logout-success-url="/login?logout" />
<csrf />
</http>
<global-method-security pre-post-annotations="enabled"/>
<authentication-manager alias="adminAuthMgr">
<authentication-provider
user-service-ref="liveUserDetailsService">
<password-encoder hash="bcrypt" />
</authentication-provider>
</authentication-manager>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd ">
<context:component-scan base-package="de.paluno.live" />
<global-method-security pre-post-annotations="enabled"/>
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass"
value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/WEB-INF/views/jsp/" />
<property name="suffix" value=".jsp" />
</bean>
<bean id="multipartResolver"
class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<property name="maxUploadSize" value="100000" />
</bean>
<mvc:resources mapping="/resources/**" location="/resources/" />
<mvc:annotation-driven />
<mvc:interceptors>
<bean
class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
<property name="paramName" value="language" />
</bean>
</mvc:interceptors>
</beans>
<global-method-security pre-post-annotations="enabled"/>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<security:global-method-security pre-post-annotations="enabled"/>
感谢迪纳姆先生,他帮助我们找到了答案 解决方案: spring-security-config.xml
<http auto-config="true" authentication-manager-ref="adminAuthMgr">
<intercept-url pattern="/admin/**"
access="hasAuthority('PERM_ACCESS_ADMIN_AREA')" />
<form-login login-page="/login" default-target-url="/admin/dashboard"
authentication-failure-url="/login?error"
username-parameter="username" password-parameter="password"
login-processing-url="/j_spring_security_check" />
<logout logout-url="/j_spring_security_logout"
logout-success-url="/login?logout" />
<csrf />
</http>
<global-method-security pre-post-annotations="enabled"/>
<authentication-manager alias="adminAuthMgr">
<authentication-provider
user-service-ref="liveUserDetailsService">
<password-encoder hash="bcrypt" />
</authentication-provider>
</authentication-manager>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd ">
<context:component-scan base-package="de.paluno.live" />
<global-method-security pre-post-annotations="enabled"/>
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass"
value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/WEB-INF/views/jsp/" />
<property name="suffix" value=".jsp" />
</bean>
<bean id="multipartResolver"
class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<property name="maxUploadSize" value="100000" />
</bean>
<mvc:resources mapping="/resources/**" location="/resources/" />
<mvc:annotation-driven />
<mvc:interceptors>
<bean
class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
<property name="paramName" value="language" />
</bean>
</mvc:interceptors>
</beans>
<global-method-security pre-post-annotations="enabled"/>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<security:global-method-security pre-post-annotations="enabled"/>
spring-mvc-config.xml
<http auto-config="true" authentication-manager-ref="adminAuthMgr">
<intercept-url pattern="/admin/**"
access="hasAuthority('PERM_ACCESS_ADMIN_AREA')" />
<form-login login-page="/login" default-target-url="/admin/dashboard"
authentication-failure-url="/login?error"
username-parameter="username" password-parameter="password"
login-processing-url="/j_spring_security_check" />
<logout logout-url="/j_spring_security_logout"
logout-success-url="/login?logout" />
<csrf />
</http>
<global-method-security pre-post-annotations="enabled"/>
<authentication-manager alias="adminAuthMgr">
<authentication-provider
user-service-ref="liveUserDetailsService">
<password-encoder hash="bcrypt" />
</authentication-provider>
</authentication-manager>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd ">
<context:component-scan base-package="de.paluno.live" />
<global-method-security pre-post-annotations="enabled"/>
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass"
value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/WEB-INF/views/jsp/" />
<property name="suffix" value=".jsp" />
</bean>
<bean id="multipartResolver"
class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<property name="maxUploadSize" value="100000" />
</bean>
<mvc:resources mapping="/resources/**" location="/resources/" />
<mvc:annotation-driven />
<mvc:interceptors>
<bean
class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
<property name="paramName" value="language" />
</bean>
</mvc:interceptors>
</beans>
<global-method-security pre-post-annotations="enabled"/>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<security:global-method-security pre-post-annotations="enabled"/>
将
元素放在配置中,该元素也会加载控制器,否则它将无法工作。Sry,我不知道你的意思。我有一个spring-core-config.xml、spring-mvc-config-xml、spring-security-config.xml和一个ApplicationConfiguration扩展了WebMVCConfigureAdapter类。通常,您在ContextLoaderListener
中加载安全内容,而与web相关的内容则由DispatcherServlet
加载。后者应该包含前面提到的xml标记。找到servlet,但在添加元素时,IntelliJ将其标记为“此处不允许”。它也没有效果。我在上面的帖子中添加了servlet代码。请再次阅读。。。它需要进入您的spring mvc config.xml
。