Fatal编程技术网
  • spring-mvc/
  • Spring mvc @预授权Being被Spring忽略

Spring mvc @预授权Being被Spring忽略

spring-mvc spring-security

Spring mvc @预授权Being被Spring忽略,spring-mvc,spring-security,Spring Mvc,Spring Security,我正在使用Spring Security在我的WebApp中进行角色检查 spring-security-config.xml <http auto-config="true" authentication-manager-ref="adminAuthMgr"> <intercept-url pattern="/admin/**" access="hasAuthority('PERM_ACCESS_ADMIN

我正在使用Spring Security在我的WebApp中进行角色检查

spring-security-config.xml

    <http auto-config="true" authentication-manager-ref="adminAuthMgr">
        <intercept-url pattern="/admin/**"
                       access="hasAuthority('PERM_ACCESS_ADMIN_AREA')" />

        <form-login login-page="/login" default-target-url="/admin/dashboard"
                    authentication-failure-url="/login?error"
                    username-parameter="username" password-parameter="password"
                    login-processing-url="/j_spring_security_check" />

        <logout logout-url="/j_spring_security_logout"
                logout-success-url="/login?logout" />
        <csrf />
    </http>

    <global-method-security pre-post-annotations="enabled"/>

    <authentication-manager alias="adminAuthMgr">
        <authentication-provider
            user-service-ref="liveUserDetailsService">
            <password-encoder hash="bcrypt" />
        </authentication-provider>
    </authentication-manager>

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans     
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/mvc 
        http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context.xsd ">

    <context:component-scan base-package="de.paluno.live" />

    <global-method-security pre-post-annotations="enabled"/>

    <bean
        class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="viewClass"
            value="org.springframework.web.servlet.view.JstlView" />
        <property name="prefix" value="/WEB-INF/views/jsp/" />
        <property name="suffix" value=".jsp" />
    </bean>

    <bean id="multipartResolver"
        class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
        <property name="maxUploadSize" value="100000" />
    </bean>

    <mvc:resources mapping="/resources/**" location="/resources/" />

    <mvc:annotation-driven />

    <mvc:interceptors>
        <bean
            class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
            <property name="paramName" value="language" />
        </bean>
    </mvc:interceptors>
</beans>

<global-method-security pre-post-annotations="enabled"/>

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
        http://www.springframework.org/schema/beans     
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/mvc 
        http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">

    <security:global-method-security pre-post-annotations="enabled"/>
有人知道为什么忽略注释吗

<servlet>
        <servlet-name>spring-mvc-servlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/spring-mvc-config.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
        <async-supported>true</async-supported>
    </servlet>


SpringMVCServlet
org.springframework.web.servlet.DispatcherServlet
上下文配置位置
/WEB-INF/spring-mvc-config.xml
1.
真的
spring-mvc-config.xml

    <http auto-config="true" authentication-manager-ref="adminAuthMgr">
        <intercept-url pattern="/admin/**"
                       access="hasAuthority('PERM_ACCESS_ADMIN_AREA')" />

        <form-login login-page="/login" default-target-url="/admin/dashboard"
                    authentication-failure-url="/login?error"
                    username-parameter="username" password-parameter="password"
                    login-processing-url="/j_spring_security_check" />

        <logout logout-url="/j_spring_security_logout"
                logout-success-url="/login?logout" />
        <csrf />
    </http>

    <global-method-security pre-post-annotations="enabled"/>

    <authentication-manager alias="adminAuthMgr">
        <authentication-provider
            user-service-ref="liveUserDetailsService">
            <password-encoder hash="bcrypt" />
        </authentication-provider>
    </authentication-manager>

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans     
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/mvc 
        http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context.xsd ">

    <context:component-scan base-package="de.paluno.live" />

    <global-method-security pre-post-annotations="enabled"/>

    <bean
        class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="viewClass"
            value="org.springframework.web.servlet.view.JstlView" />
        <property name="prefix" value="/WEB-INF/views/jsp/" />
        <property name="suffix" value=".jsp" />
    </bean>

    <bean id="multipartResolver"
        class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
        <property name="maxUploadSize" value="100000" />
    </bean>

    <mvc:resources mapping="/resources/**" location="/resources/" />

    <mvc:annotation-driven />

    <mvc:interceptors>
        <bean
            class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
            <property name="paramName" value="language" />
        </bean>
    </mvc:interceptors>
</beans>

<global-method-security pre-post-annotations="enabled"/>

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
        http://www.springframework.org/schema/beans     
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/mvc 
        http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">

    <security:global-method-security pre-post-annotations="enabled"/>
感谢迪纳姆先生,他帮助我们找到了答案

解决方案:

spring-security-config.xml

    <http auto-config="true" authentication-manager-ref="adminAuthMgr">
        <intercept-url pattern="/admin/**"
                       access="hasAuthority('PERM_ACCESS_ADMIN_AREA')" />

        <form-login login-page="/login" default-target-url="/admin/dashboard"
                    authentication-failure-url="/login?error"
                    username-parameter="username" password-parameter="password"
                    login-processing-url="/j_spring_security_check" />

        <logout logout-url="/j_spring_security_logout"
                logout-success-url="/login?logout" />
        <csrf />
    </http>

    <global-method-security pre-post-annotations="enabled"/>

    <authentication-manager alias="adminAuthMgr">
        <authentication-provider
            user-service-ref="liveUserDetailsService">
            <password-encoder hash="bcrypt" />
        </authentication-provider>
    </authentication-manager>

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans     
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/mvc 
        http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context.xsd ">

    <context:component-scan base-package="de.paluno.live" />

    <global-method-security pre-post-annotations="enabled"/>

    <bean
        class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="viewClass"
            value="org.springframework.web.servlet.view.JstlView" />
        <property name="prefix" value="/WEB-INF/views/jsp/" />
        <property name="suffix" value=".jsp" />
    </bean>

    <bean id="multipartResolver"
        class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
        <property name="maxUploadSize" value="100000" />
    </bean>

    <mvc:resources mapping="/resources/**" location="/resources/" />

    <mvc:annotation-driven />

    <mvc:interceptors>
        <bean
            class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
            <property name="paramName" value="language" />
        </bean>
    </mvc:interceptors>
</beans>

<global-method-security pre-post-annotations="enabled"/>

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
        http://www.springframework.org/schema/beans     
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/mvc 
        http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">

    <security:global-method-security pre-post-annotations="enabled"/>
spring-mvc-config.xml

    <http auto-config="true" authentication-manager-ref="adminAuthMgr">
        <intercept-url pattern="/admin/**"
                       access="hasAuthority('PERM_ACCESS_ADMIN_AREA')" />

        <form-login login-page="/login" default-target-url="/admin/dashboard"
                    authentication-failure-url="/login?error"
                    username-parameter="username" password-parameter="password"
                    login-processing-url="/j_spring_security_check" />

        <logout logout-url="/j_spring_security_logout"
                logout-success-url="/login?logout" />
        <csrf />
    </http>

    <global-method-security pre-post-annotations="enabled"/>

    <authentication-manager alias="adminAuthMgr">
        <authentication-provider
            user-service-ref="liveUserDetailsService">
            <password-encoder hash="bcrypt" />
        </authentication-provider>
    </authentication-manager>

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans     
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/mvc 
        http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context.xsd ">

    <context:component-scan base-package="de.paluno.live" />

    <global-method-security pre-post-annotations="enabled"/>

    <bean
        class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="viewClass"
            value="org.springframework.web.servlet.view.JstlView" />
        <property name="prefix" value="/WEB-INF/views/jsp/" />
        <property name="suffix" value=".jsp" />
    </bean>

    <bean id="multipartResolver"
        class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
        <property name="maxUploadSize" value="100000" />
    </bean>

    <mvc:resources mapping="/resources/**" location="/resources/" />

    <mvc:annotation-driven />

    <mvc:interceptors>
        <bean
            class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
            <property name="paramName" value="language" />
        </bean>
    </mvc:interceptors>
</beans>

<global-method-security pre-post-annotations="enabled"/>

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
        http://www.springframework.org/schema/beans     
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/mvc 
        http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">

    <security:global-method-security pre-post-annotations="enabled"/>
元素放在配置中,该元素也会加载控制器,否则它将无法工作。Sry,我不知道你的意思。我有一个spring-core-config.xml、spring-mvc-config-xml、spring-security-config.xml和一个ApplicationConfiguration扩展了WebMVCConfigureAdapter类。通常,您在
ContextLoaderListener
中加载安全内容,而与web相关的内容则由
DispatcherServlet
加载。后者应该包含前面提到的xml标记。找到servlet,但在添加元素时,IntelliJ将其标记为“此处不允许”。它也没有效果。我在上面的帖子中添加了servlet代码。请再次阅读。。。它需要进入您的
spring mvc config.xml