Fatal编程技术网
  • spring-security/
  • Spring security FilterSecurity Interceptor和metadatasource实现spring安全性

Spring security FilterSecurity Interceptor和metadatasource实现spring安全性

spring-security

Spring security FilterSecurity Interceptor和metadatasource实现spring安全性,spring-security,Spring Security,我创建了一个类,该类实现FilterInJournationSecurityMetaDataSource接口 我是这样实现的: public List<ConfigAttribute> getAttributes(Object object) { FilterInvocation fi = (FilterInvocation) object; Object principal = SecurityContextHolder.getContext().getAuthen

我创建了一个类,该类实现FilterInJournationSecurityMetaDataSource接口

我是这样实现的:

public List<ConfigAttribute> getAttributes(Object object) {
    FilterInvocation fi = (FilterInvocation) object;
    Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    Long companyId = ((ExtenededUser) principal).getCompany().getId();
    String url = fi.getRequestUrl();
    // String httpMethod = fi.getRequest().getMethod();
    List<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>();
    FilterSecurityService service = (FilterSecurityService) SpringBeanFinder.findBean("filterSecurityService");
    Collection<Role> roles = service.getRoles(companyId);
    for (Role role : roles) {
        for (View view : role.getViews()) {
            if (view.getUrl().equalsIgnoreCase(url))
                attributes.add(new SecurityConfig(role.getName() + "_" + role.getCompany().getName()));
        }
    }
    return attributes;
}

<beans:bean id="filterChainProxy"
        class="org.springframework.security.web.FilterChainProxy">
        <filter-chain-map path-type="ant">
            <filter-chain filters="sif,filterSecurityInterceptor"
                pattern="/**" />
        </filter-chain-map>
    </beans:bean>    
<beans:bean id="filterSecurityInterceptor"
        class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
        <beans:property name="authenticationManager" ref="authenticationManager" />
        <beans:property name="accessDecisionManager" ref="accessDecisionManager" />
        <beans:property name="securityMetadataSource" ref="filterSecurityMetadataSource" />
    </beans:bean>
<beans:bean id="filterSecurityMetadataSource"
        class="com.mycompany.filter.FilterSecurityMetadataSource">
    </beans:bean>

public List getAttributes(对象){
FilterInvocation fi=(FilterInvocation)对象;
对象主体=SecurityContextHolder.getContext().getAuthentication().getPrincipal();
Long companyId=((extendededuser)principal.getCompany().getId();
字符串url=fi.getRequestUrl();
//字符串httpMethod=fi.getRequest().getMethod();
列表属性=新的ArrayList();
FilterSecurityService=(FilterSecurityService)SpringBeanFinder.findBean(“FilterSecurityService”);
集合角色=service.getRoles(companyId);
for(角色:角色){
对于(视图:role.getViews()){
if(view.getUrl().equalsIgnoreCase(url))
add(新的SecurityConfig(role.getName()+“_”+role.getCompany().getName());
}
}
返回属性;
}
当我调试我的应用程序时,我看到它到达这个类,它只到达getAllConfigAttributes方法,正如我所说的是空的,并返回null。然后打印此警告: 无法验证配置属性,因为SecurityMetadataSource未从getAllConfigAttributes()返回任何属性

我的应用程序上下文-安全性如下所示:

public List<ConfigAttribute> getAttributes(Object object) {
    FilterInvocation fi = (FilterInvocation) object;
    Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    Long companyId = ((ExtenededUser) principal).getCompany().getId();
    String url = fi.getRequestUrl();
    // String httpMethod = fi.getRequest().getMethod();
    List<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>();
    FilterSecurityService service = (FilterSecurityService) SpringBeanFinder.findBean("filterSecurityService");
    Collection<Role> roles = service.getRoles(companyId);
    for (Role role : roles) {
        for (View view : role.getViews()) {
            if (view.getUrl().equalsIgnoreCase(url))
                attributes.add(new SecurityConfig(role.getName() + "_" + role.getCompany().getName()));
        }
    }
    return attributes;
}

<beans:bean id="filterChainProxy"
        class="org.springframework.security.web.FilterChainProxy">
        <filter-chain-map path-type="ant">
            <filter-chain filters="sif,filterSecurityInterceptor"
                pattern="/**" />
        </filter-chain-map>
    </beans:bean>    
<beans:bean id="filterSecurityInterceptor"
        class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
        <beans:property name="authenticationManager" ref="authenticationManager" />
        <beans:property name="accessDecisionManager" ref="accessDecisionManager" />
        <beans:property name="securityMetadataSource" ref="filterSecurityMetadataSource" />
    </beans:bean>
<beans:bean id="filterSecurityMetadataSource"
        class="com.mycompany.filter.FilterSecurityMetadataSource">
    </beans:bean>
有什么问题吗?

对不起 我的错误

在代码中,我使用id=“securityFilterChaing”

虽然我应该使用id=“filterChainProxy”

抱歉 我的错误

在代码中,我使用id=“securityFilterChaing”

而我应该使用id=“filterChainProxy”