1

我有一个 JPA 实体类,并试图通过向该方法添加安全注释来保护删除方法。我的 JPA 实体未在我的应用程序上下文 xml 中定义,因此我在 context.xml 中使用了以下内容来尝试启用 Aspect J。

<sec:global-method-security secured-annotations="enabled" mode="aspectj"  />

我正在使用 maven 插件进行静态编译时编织,在我的日志中我看不到任何问题

Generating code...

[INFO] 
[INFO] --- aspectj-maven-plugin:1.2:compile (default) @ SubmissionTool ---
[WARNING] advice defined in org.springframework.scheduling.aspectj.AbstractAsyncExecutionAspect has not been applied [Xlint:adviceDidNotMatch]
[WARNING] advice defined in org.springframework.mock.staticmock.AnnotationDrivenStaticEntityMockingControl has not been applied [Xlint:adviceDidNotMatch]
[WARNING] advice defined in org.springframework.mock.staticmock.AbstractMethodMockingControl has not been applied [Xlint:adviceDidNotMatch]
[INFO]

我在其上定义了注释的 JPA 实体是一个抽象类,它具有使用 remove 方法的子类。我的 JPA 类中存在以下注释

@Entity
@Configurable

删除方法就像

@Transactional
    @Secured(value = {"ROLE_ADMINS"})
    public void remove() {
        if (this.entityManager == null) this.entityManager = entityManager();
        if (this.entityManager.contains(this)) {
            this.entityManager.remove(this);
        } else {
            Submission attached = Submission.findSubmission(this.id);
            this.entityManager.remove(attached);
        }
    }

角色 ROLE_ADMINS 应该只允许具有该角色的用户删除实体,但是所有用户都可以删除该实体。有任何想法吗?

下面是我的 pom 寻找编织插件的方式

<plugin>
                <groupId>org.codehaus.mojo</groupId>
                <artifactId>aspectj-maven-plugin</artifactId>
                <version>1.2</version> 
                <dependencies>
                    <dependency>
                        <groupId>org.aspectj</groupId>
                        <artifactId>aspectjrt</artifactId>
                        <version>${aspectj.version}</version>
                    </dependency>
                    <dependency>
                        <groupId>org.aspectj</groupId>
                        <artifactId>aspectjtools</artifactId>
                        <version>${aspectj.version}</version>
                    </dependency>
                </dependencies>
                <executions>
                    <execution>
                        <goals>
                            <goal>compile</goal>
                            <goal>test-compile</goal>
                        </goals>
                    </execution>
                </executions>
                <configuration>
                    <sources>
                        <source>
                          <basedir>src/main/java/</basedir>
                          <includes>
                            <include>**/entity/*.java</include>                         
                          </includes>                        
                        </source>
                      </sources>
                    <outxml>true</outxml>
                    <aspectLibraries>
                        <aspectLibrary>
                            <groupId>org.springframework</groupId>
                            <artifactId>spring-aspects</artifactId>
                        </aspectLibrary>
                    </aspectLibraries>
                    <source>${java.version}</source>
                    <target>${java.version}</target>
                </configuration>
            </plugin>
4

0 回答 0