Fatal编程技术网
  • spring-security/
  • Spring security 在Spring 3.1中未调用CustomPermissionEvaluator

Spring security 在Spring 3.1中未调用CustomPermissionEvaluator

spring-security

Spring security 在Spring 3.1中未调用CustomPermissionEvaluator,spring-security,Spring Security,我实现了一个自定义PermissionEvaluator,并将其配置如下 <security:http access-denied-page="/" auto-config="true" use-expressions="true"> <security:anonymous /> <security:form-login always-use-default-target="false" default-target-url="/people/log

我实现了一个自定义PermissionEvaluator,并将其配置如下

<security:http access-denied-page="/" auto-config="true" use-expressions="true">
    <security:anonymous />
    <security:form-login always-use-default-target="false" default-target-url="/people/login/redirect" login-page="/people/login" login-processing-url="/people/login/submit" password-parameter="password" username-parameter="emailAddress" />
    <security:logout delete-cookies="true" invalidate-session="true" logout-success-url="/people/login/redirect" logout-url="/people/logout" />
</security:http>

<security:authentication-manager erase-credentials="false">
    <security:authentication-provider ref="authenticationProvider" />
</security:authentication-manager>

<security:global-method-security jsr250-annotations="enabled" pre-post-annotations="enabled" secured-annotations="enabled" >
    <security:expression-handler ref="expressionHandler"/>
</security:global-method-security>


<bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
     <property name="permissionEvaluator" ref="appPermissionEvaluator"/>
</bean>

<bean class="com.web.security.ApplicationPermissionEvaluator" id="appPermissionEvaluator" />

@PreAuthorize("hasPermission(#accountCode, 'AdministerPosition')")
    @RequestMapping(method = RequestMethod.GET, value =  "/cloud/{account}/position")
    public String list(@PathVariable String account, @RequestParam(required = false, value = URLParameter.ACCOUNT_CODE) final String accountCode, final Model model) {

}


<security:http access-denied-page="/" auto-config="true" use-expressions="true">
    <security:anonymous />
    <security:form-login always-use-default-target="false" default-target-url="/people/login/redirect" login-page="/people/login" login-processing-url="/people/login/submit" password-parameter="password" username-parameter="emailAddress" />
    <security:logout delete-cookies="true" invalidate-session="true" logout-success-url="/people/login/redirect" logout-url="/people/logout" />
</security:http>

<security:authentication-manager erase-credentials="false">
    <security:authentication-provider ref="authenticationProvider" />
</security:authentication-manager>

<security:global-method-security jsr250-annotations="enabled" pre-post-annotations="enabled" secured-annotations="enabled" >
    <security:expression-handler ref="expressionHandler"/>
</security:global-method-security>


<bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
     <property name="permissionEvaluator" ref="appPermissionEvaluator"/>
</bean>

<bean class="com.web.security.ApplicationPermissionEvaluator" id="appPermissionEvaluator" />
在本例中,我从未在我的
ApplicationPermissionEvaluator
类中获得控件

<security:http access-denied-page="/" auto-config="true" use-expressions="true">
    <security:anonymous />
    <security:form-login always-use-default-target="false" default-target-url="/people/login/redirect" login-page="/people/login" login-processing-url="/people/login/submit" password-parameter="password" username-parameter="emailAddress" />
    <security:logout delete-cookies="true" invalidate-session="true" logout-success-url="/people/login/redirect" logout-url="/people/logout" />
</security:http>

<security:authentication-manager erase-credentials="false">
    <security:authentication-provider ref="authenticationProvider" />
</security:authentication-manager>

<security:global-method-security jsr250-annotations="enabled" pre-post-annotations="enabled" secured-annotations="enabled" >
    <security:expression-handler ref="expressionHandler"/>
</security:global-method-security>


<bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
     <property name="permissionEvaluator" ref="appPermissionEvaluator"/>
</bean>

<bean class="com.web.security.ApplicationPermissionEvaluator" id="appPermissionEvaluator" />
我发现在我的案例中总是执行
DenyAllPermissionEvaluator
,并显示以下错误消息

<security:http access-denied-page="/" auto-config="true" use-expressions="true">
    <security:anonymous />
    <security:form-login always-use-default-target="false" default-target-url="/people/login/redirect" login-page="/people/login" login-processing-url="/people/login/submit" password-parameter="password" username-parameter="emailAddress" />
    <security:logout delete-cookies="true" invalidate-session="true" logout-success-url="/people/login/redirect" logout-url="/people/logout" />
</security:http>

<security:authentication-manager erase-credentials="false">
    <security:authentication-provider ref="authenticationProvider" />
</security:authentication-manager>

<security:global-method-security jsr250-annotations="enabled" pre-post-annotations="enabled" secured-annotations="enabled" >
    <security:expression-handler ref="expressionHandler"/>
</security:global-method-security>


<bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
     <property name="permissionEvaluator" ref="appPermissionEvaluator"/>
</bean>

<bean class="com.web.security.ApplicationPermissionEvaluator" id="appPermissionEvaluator" />

DenyAllPermissionEvaluator - Denying user ****** permission 'AdministerPosition'
请尽快给我这个建议。我真的被困在这个问题上了。

让这个工作正常的方法是在spring mvc上下文中配置
,而不是在主上下文中

<security:http access-denied-page="/" auto-config="true" use-expressions="true">
    <security:anonymous />
    <security:form-login always-use-default-target="false" default-target-url="/people/login/redirect" login-page="/people/login" login-processing-url="/people/login/submit" password-parameter="password" username-parameter="emailAddress" />
    <security:logout delete-cookies="true" invalidate-session="true" logout-success-url="/people/login/redirect" logout-url="/people/logout" />
</security:http>

<security:authentication-manager erase-credentials="false">
    <security:authentication-provider ref="authenticationProvider" />
</security:authentication-manager>

<security:global-method-security jsr250-annotations="enabled" pre-post-annotations="enabled" secured-annotations="enabled" >
    <security:expression-handler ref="expressionHandler"/>
</security:global-method-security>


<bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
     <property name="permissionEvaluator" ref="appPermissionEvaluator"/>
</bean>

<bean class="com.web.security.ApplicationPermissionEvaluator" id="appPermissionEvaluator" />
i、 e.在这里
mvcservlet context.xml

<security:http access-denied-page="/" auto-config="true" use-expressions="true">
    <security:anonymous />
    <security:form-login always-use-default-target="false" default-target-url="/people/login/redirect" login-page="/people/login" login-processing-url="/people/login/submit" password-parameter="password" username-parameter="emailAddress" />
    <security:logout delete-cookies="true" invalidate-session="true" logout-success-url="/people/login/redirect" logout-url="/people/logout" />
</security:http>

<security:authentication-manager erase-credentials="false">
    <security:authentication-provider ref="authenticationProvider" />
</security:authentication-manager>

<security:global-method-security jsr250-annotations="enabled" pre-post-annotations="enabled" secured-annotations="enabled" >
    <security:expression-handler ref="expressionHandler"/>
</security:global-method-security>


<bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
     <property name="permissionEvaluator" ref="appPermissionEvaluator"/>
</bean>

<bean class="com.web.security.ApplicationPermissionEvaluator" id="appPermissionEvaluator" />

 <servlet>
    <servlet-name>appServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:META-INF/spring/mvc-servlet-context.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>


appServlet
org.springframework.web.servlet.DispatcherServlet
上下文配置位置
类路径:META-INF/spring/mvc-servlet-context.xml
1.
实现此功能的方法是在spring mvc上下文中配置
,而不是在主上下文中

<security:http access-denied-page="/" auto-config="true" use-expressions="true">
    <security:anonymous />
    <security:form-login always-use-default-target="false" default-target-url="/people/login/redirect" login-page="/people/login" login-processing-url="/people/login/submit" password-parameter="password" username-parameter="emailAddress" />
    <security:logout delete-cookies="true" invalidate-session="true" logout-success-url="/people/login/redirect" logout-url="/people/logout" />
</security:http>

<security:authentication-manager erase-credentials="false">
    <security:authentication-provider ref="authenticationProvider" />
</security:authentication-manager>

<security:global-method-security jsr250-annotations="enabled" pre-post-annotations="enabled" secured-annotations="enabled" >
    <security:expression-handler ref="expressionHandler"/>
</security:global-method-security>


<bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
     <property name="permissionEvaluator" ref="appPermissionEvaluator"/>
</bean>

<bean class="com.web.security.ApplicationPermissionEvaluator" id="appPermissionEvaluator" />
i、 e.在这里
mvcservlet context.xml

<security:http access-denied-page="/" auto-config="true" use-expressions="true">
    <security:anonymous />
    <security:form-login always-use-default-target="false" default-target-url="/people/login/redirect" login-page="/people/login" login-processing-url="/people/login/submit" password-parameter="password" username-parameter="emailAddress" />
    <security:logout delete-cookies="true" invalidate-session="true" logout-success-url="/people/login/redirect" logout-url="/people/logout" />
</security:http>

<security:authentication-manager erase-credentials="false">
    <security:authentication-provider ref="authenticationProvider" />
</security:authentication-manager>

<security:global-method-security jsr250-annotations="enabled" pre-post-annotations="enabled" secured-annotations="enabled" >
    <security:expression-handler ref="expressionHandler"/>
</security:global-method-security>


<bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
     <property name="permissionEvaluator" ref="appPermissionEvaluator"/>
</bean>

<bean class="com.web.security.ApplicationPermissionEvaluator" id="appPermissionEvaluator" />

 <servlet>
    <servlet-name>appServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:META-INF/spring/mvc-servlet-context.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>


appServlet
org.springframework.web.servlet.DispatcherServlet
上下文配置位置
类路径:META-INF/spring/mvc-servlet-context.xml
1.