在我的应用程序中,我只想保护方法,所以我创建了这个简单的安全上下文:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-3.1.xsd">
<http auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint">
<intercept-url pattern="/**" access="permitAll" />
</http>
<global-method-security pre-post-annotations="enabled" />
</beans:beans>
在我的服务中,我有登录表单提交时调用的方法登录,但我不知道应该有什么请帮助:
public ExtDirectFormPostResult login(Person person, BindingResult result) {
ExtDirectFormPostResult postResult = new ExtDirectFormPostResult(result);
logger.error("logiiiiiiiiin ");
// what to do to allow using annotatedmethod @PreAuthorize("hasRole('ROLE_ADMIN')")?
return postResult;
}