0

Definitely need some expert help with this! I think this is mainly a Spring Security question, but as I don't know for sure, so I am also tagging with the general Spring tag!

When the Application Context is loaded (mine is all via Java Config, though I don't believe that matters), the "DefaultListableBeanFactory" is processed and eventually (via the ProxyFactory) Spring Security Advisors are added. This is great when I have Spring Beans as I have Permissions that need authorization.

My question is: how do I get the same effect when I no longer require those classes to be Spring Beans? Said differently, if I have an object instance created as a singleton bean via Java Config and the authorization is working correctly, is it possible to maintain that with the object instance being a POJO? Again, for the experts, I want the interception chain returned in the JdkDynamicAopProxy to contain the Spring Security interceptors.

And "no", I am not really expecting an answer to this, maybe just hoping!!!

4

1 回答 1

3

将安全拦截器添加到未由 spring 容器切换global-security标记实例化的 bean 到模式aspectj并编织AnnotationSecurityAspectaspecj 模块中提供的。

对于您的第二个问题,我想您想要执行以下操作之一:

  • 使用 aProxyFactoryBean来固定 bean。

  • 以编程方式创建安全代理:使用ProxyFactory.addAdvice()方法。

  • 将安全拦截器添加到由 : 创建的所有代理中,AutoProxyCreator这通常不需要,但您可以使用该AbstractAutoProxyCreator.interceptorNames属性添加常见的拦截器。global-security标签解析器使用生成的名称,MethodSecurityInterceptor因此您需要手动配置拦截器并设置一致的SecurityMetadataSource.

于 2013-05-02T11:25:58.470 回答