
可能重复:
Spring Security 可以在 Spring 控制器方法上使用 @PreAuthorize 吗?

这是我的配置: pom.xml

<!-- Spring Security -->
<!-- All three Spring Security modules take their version from the single
     ${spring-security.version} property (its value is not shown in this excerpt), so they
     stay on the same release. <scope>compile</scope> is Maven's default scope. -->
<!-- spring-security-config: supplies the security XML namespace handlers used by
     security.xml (<http>, <global-method-security>). -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>${spring-security.version}</version>
    <scope>compile</scope>
</dependency>
<!-- spring-security-taglibs: JSP tag library for security checks inside views. -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-taglibs</artifactId>
    <version>${spring-security.version}</version>
    <scope>compile</scope>
</dependency>
<!-- spring-security-web: the servlet filter chain behind the <http> element. -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>${spring-security.version}</version>
    <scope>compile</scope>
</dependency>

<!-- AOP dependency -->
<!-- NOTE(review): presumably present so that classes without an interface (such as a
     controller) can be proxied for method security; confirm. The version is a literal 2.2
     rather than a managed property, so it will not move when the other versions are updated. -->
<dependency>
    <groupId>cglib</groupId>
    <artifactId>cglib</artifactId>
    <version>2.2</version>
</dependency>
<!-- end of Spring Security -->

这是security.xml ->

    <!-- secured-annotations = (@Secured("ROLE_ADMIN")) -->
    <!-- jsr250-annotations = (@RunAs @RolesAllowed @PermitAll @DenyAll @DeclareRoles) -->
    <!-- pre-post-annotations = @PreAuthorize("hasAuthority('ROLE_ADMIN')") -->

<!-- Only the @PreAuthorize/@PostAuthorize family is switched on; @Secured and the JSR-250
     annotations are disabled. -->
<!-- NOTE(review): method security is applied only to beans created in the same application
     context as this element. If security.xml is loaded by the root context while the
     controllers are created by the DispatcherServlet's own context, @PreAuthorize on a
     controller is ignored without any error, which matches the symptom described on this
     page. Confirm which context loads this file. For a controller that implements no
     interface, class-based proxying (proxy-target-class="true") may also be needed; verify
     against the version in use. -->
<global-method-security secured-annotations="disabled"
                        jsr250-annotations="disabled"
                        pre-post-annotations="enabled"/>

<!-- Web-layer security: form login, logout, anonymous access and remember-me. -->
<!-- NOTE(review): no <intercept-url> rules appear in this <http> block, so nothing here
     restricts /person at the URL layer; access control for that path rests on the
     @PreAuthorize annotation alone. If method security is not applied to the controller
     bean, the request is served to any caller (fail open). An explicit URL rule for the
     protected paths gives a second layer that does not depend on proxying. -->
<!-- NOTE(review): access-denied-page was deprecated in the 3.x line in favour of a nested
     <access-denied-handler> element; confirm against the version in use. -->
<http       auto-config='true' 
            disable-url-rewriting="true" 
            access-denied-page="/WEB-INF/jsp/errors/accessDenied.jsp">


    <!-- Unauthenticated requests are given ROLE_ANONYMOUS; the key identifies anonymous
         tokens created by this application. -->
    <anonymous granted-authority="ROLE_ANONYMOUS" key="anonymous"/>


    <!-- Logout is triggered at /logout.do and then redirects to the site root. -->
    <logout logout-url="/logout.do" logout-success-url="/" />

    <!-- The login form is served from "/", credentials are posted to /login, and a failed
         attempt returns to "/" with authfailed=true. Because always-use-default-target is
         false, /person is only the fallback target when no earlier request was saved. -->
    <form-login always-use-default-target="false" 
        authentication-failure-url="/?authfailed=true" 
        default-target-url="/person"
        login-page="/" 
        login-processing-url="/login"
        username-parameter="username" 
        password-parameter="password" 
         />

      <!-- NOTE(review): key="rememberMe" is a guessable literal. Remember-me tokens are
           validated against this key, so it should be a long random value kept out of
           source control, and it has to match the key configured on the rememberMeService
           bean (not shown in this excerpt). -->
      <remember-me key="rememberMe" services-ref="rememberMeService"/>
</http>

当我尝试运行任何控制器时 ->

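// Controller for everything under "/person".
// NOTE(review): no stereotype annotation (for example @Controller) is visible in this excerpt;
// how the bean is registered, and in which application context, is not shown.
@RequestMapping("/person")
public class PersonController {

    /**
     * Handles the base "/person" mapping: calls doStuff() and then redirects the
     * browser to /person/home.
     *
     * The method is meant to be limited to callers holding the ROLE_ADMIN authority.
     * That check is performed by a method-security proxy around this bean, not by the
     * method body, so it only takes effect when method security is enabled in the
     * context that creates this controller. If the proxy is missing, the method runs
     * for every caller and nothing is logged.
     *
     * @return the redirect view name "redirect:/person/home"
     */
    @RequestMapping("")
    @PreAuthorize("hasAuthority('ROLE_ADMIN')")
    public String root() {
        doStuff();
        return "redirect:/person/home";
    }
}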

无论使用哪个角色登录,请求都能正常返回结果。也就是说,@PreAuthorize("hasAuthority('ROLE_ADMIN')") 注解没有生效。

没有编译错误,没有运行时异常。

谢谢。
