
我使用 Spring Boot 1.5.1,以不使用 XML 的方式(纯 Java 配置)来配置 Spring Security ACL,但是遇到了一些问题。我的 Java 配置如下:

网络安全配置类:

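 /**
  * Java-config (no XML) wiring for Spring Security ACL: the Ehcache-backed ACL cache, the JDBC
  * lookup strategy and ACL service, one {@link AclEntryVoter} per secured operation, and the
  * method-security hooks (access decision manager and expression handler).
  *
  * <p>NOTE(review): the Javadoc of {@code GlobalMethodSecurityConfiguration} asks subclasses to
  * carry {@code @EnableGlobalMethodSecurity} themselves. In this listing the annotation sits on
  * {@code WebSecurityConfig} instead; confirm that the overrides below are the ones actually used.
  *
  * <p>NOTE(review): {@link #accessDecisionManager()} replaces the framework's default voter list.
  * No voter here handles {@code @PreAuthorize}/{@code @PostAuthorize} attributes, and
  * {@code AffirmativeBased} denies by default when every voter abstains, so methods secured only
  * with those annotations would be rejected by this manager. Verify that this is intended.
  */
 @Configuration
 public class ACLConfig extends GlobalMethodSecurityConfiguration
 {
     @Autowired
     DataSource dataSource;

     /**
      * Builds the ACL cache on top of the Ehcache region produced by {@link #aclEhCache()}.
      *
      * @return the cache shared by the lookup strategy and the ACL service
      */
     @Bean(name = "aclCache")
     public EhCacheBasedAclCache aclCache()
     {
         PermissionGrantingStrategy permissionGrantingStrategy = new DefaultPermissionGrantingStrategy(
                 new ConsoleAuditLogger());
         return new EhCacheBasedAclCache(aclEhCache().getObject(),
                 permissionGrantingStrategy, aclAuthorizationStrategy());
     }

     /**
      * Ehcache manager configured from {@code cache/ehcache.xml} on the classpath.
      *
      * <p>Declared as its own bean so the container runs the factory bean's initialisation and
      * destruction callbacks. A factory bean created with {@code new} and queried straight away
      * returns {@code null} from {@code getObject()}, and the configured file is never read.
      *
      * @return the factory bean that creates the Ehcache {@code CacheManager}
      */
     @Bean(name = "aclCacheManager")
     public EhCacheManagerFactoryBean aclCacheManager()
     {
         EhCacheManagerFactoryBean cacheManager = new EhCacheManagerFactoryBean();
         cacheManager.setConfigLocation(new ClassPathResource("cache/ehcache.xml"));
         return cacheManager;
     }

     /**
      * Exposes the Ehcache region named {@code aclCache}, taken from {@link #aclCacheManager()}.
      *
      * @return the factory bean for the ACL cache region
      */
     @Bean(name = "aclEhCache")
     public EhCacheFactoryBean aclEhCache()
     {
         EhCacheFactoryBean factoryBean = new EhCacheFactoryBean();
         factoryBean.setCacheName("aclCache");
         // Goes through the container-managed bean, so the manager is already initialised here.
         factoryBean.setCacheManager(aclCacheManager().getObject());
         return factoryBean;
     }

     /**
      * Strategy that loads ACLs from {@link #dataSource}, consulting {@link #aclCache()} first.
      *
      * @return the JDBC-backed lookup strategy
      */
     @Bean
     public LookupStrategy lookupStrategy()
     {
         return new BasicLookupStrategy(dataSource, aclCache(),
                 aclAuthorizationStrategy(), new ConsoleAuditLogger());
     }

     /**
      * Authority built from {@code Const.ADMIN_ROLE}; used below as the ACL administrator role.
      *
      * @return the administrator authority
      */
     @Bean(name = "adminRole")
     public SimpleGrantedAuthority adminRole()
     {
         return new SimpleGrantedAuthority(Const.ADMIN_ROLE);
     }

     /**
      * Requires {@link #adminRole()} for all three ACL administration actions (the constructor takes
      * one authority each for taking ownership, modifying auditing and general changes).
      *
      * @return the authorization strategy guarding ACL modifications
      */
     @Bean
     public AclAuthorizationStrategy aclAuthorizationStrategy()
     {
         return new AclAuthorizationStrategyImpl(adminRole(), adminRole(),
                 adminRole());
     }

     /**
      * JDBC ACL service used by the voters and by the permission evaluator.
      *
      * @return the mutable ACL service
      */
     @Bean(name = "aclService")
     public MutableAclService aclService()
     {
         EhCacheBasedAclCache aclCache = aclCache();
         JdbcMutableAclService service = new JdbcMutableAclService(dataSource,
                 lookupStrategy(), aclCache);

         // Database-specific way of reading the key generated by the last insert; it has to
         // match the database behind dataSource.
         service.setClassIdentityQuery("select @@IDENTITY");
         service.setSidIdentityQuery("select @@IDENTITY");
         return service;
     }

     /**
      * Voter for methods secured with {@code Const.ACL_DELETE}; grants on ADMINISTRATION or DELETE.
      *
      * @return the delete voter
      */
     @Bean(name = "aclDeleteVoter")
     public AclEntryVoter aclDeleteVoter()
     {
         return newAclEntryVoter(Const.ACL_DELETE,
                 org.springframework.security.acls.domain.BasePermission.DELETE);
     }

     /**
      * Hands the custom voter list to the method-security infrastructure.
      *
      * @return the manager built by {@link #aclAccessDecisionManager()}
      */
     @Override
     protected AffirmativeBased accessDecisionManager()
     {
         return aclAccessDecisionManager();
     }

     /**
      * Affirmative manager: access is granted as soon as one voter grants it.
      *
      * @return the manager holding the role voter and the three ACL voters
      */
     @Bean(name = "aclAccessDecisionManager")
     public AffirmativeBased aclAccessDecisionManager()
     {
         List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<AccessDecisionVoter<? extends Object>>();
         decisionVoters.add(new RoleVoter());
         decisionVoters.add(aclDeleteVoter());
         decisionVoters.add(afterAclRead());
         decisionVoters.add(aclWriteVoter());
         return new AffirmativeBased(decisionVoters);
     }

     /**
      * Voter for methods secured with {@code Const.ACL_READ}; grants on ADMINISTRATION or READ.
      *
      * @return the read voter
      */
     @Bean(name = "afterAclRead")
     public AclEntryVoter afterAclRead()
     {
         return newAclEntryVoter(Const.ACL_READ,
                 org.springframework.security.acls.domain.BasePermission.READ);
     }

     /**
      * Voter for methods secured with {@code Const.ACL_WRITE}; grants on ADMINISTRATION or WRITE.
      *
      * @return the write voter
      */
     @Bean(name = "aclWriteVoter")
     public AclEntryVoter aclWriteVoter()
     {
         return newAclEntryVoter(Const.ACL_WRITE,
                 org.springframework.security.acls.domain.BasePermission.WRITE);
     }

     /**
      * Installs an ACL-backed permission evaluator for method-security expressions.
      *
      * @return the expression handler using {@link #aclService()}
      */
     @Override
     protected MethodSecurityExpressionHandler createExpressionHandler()
     {
         DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
         expressionHandler.setPermissionEvaluator(
                 new AclPermissionEvaluator(aclService()));
         return expressionHandler;
     }

     /**
      * Shared construction of the three ACL voters: each accepts ADMINISTRATION or one
      * operation-specific permission for the given config attribute.
      */
     private AclEntryVoter newAclEntryVoter(String configAttribute, Permission permission)
     {
         Permission[] requirePermission = new Permission[2];
         requirePermission[0] = org.springframework.security.acls.domain.BasePermission.ADMINISTRATION;
         requirePermission[1] = permission;
         AclEntryVoter aclEntryVoter = new AclEntryVoter(aclService(),
                 configAttribute, requirePermission);
         // Domain class this voter manages. NOTE(review): the voter looks for a method argument
         // of this type, so secured methods must take an AclDomainClass (or subtype) parameter.
         aclEntryVoter.setProcessDomainObjectClass(AclDomainClass.class);
         return aclEntryVoter;
     }
 }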

// Web security configuration; its body is elided ("...") in this listing.
// NOTE(review): @EnableGlobalMethodSecurity is declared here, while ACLConfig, which extends
// GlobalMethodSecurityConfiguration, carries no such annotation. The Javadoc of
// GlobalMethodSecurityConfiguration asks for the annotation on that subclass; confirm that
// ACLConfig's accessDecisionManager()/createExpressionHandler() overrides are the ones in effect.
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true ,securedEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter  {
...
}

/**
 * Removes the user record and then the ACL stored under the identity (User.class, user id).
 *
 * <p>Access is guarded by {@code @Secured(Const.ACL_DELETE)}, so the configured access decision
 * manager must grant this attribute before the body runs.
 *
 * <p>NOTE(review): the ACL voters in ACLConfig are set up for {@code AclDomainClass}. If
 * {@code User} is not assignable to that type, or if no ACL entry gives the caller DELETE or
 * ADMINISTRATION on this user, the vote will not be a grant. Check both when diagnosing an
 * {@code AccessDeniedException} on this method.
 *
 * @param user the user to delete; its id identifies the ACL to remove
 */
@Secured(Const.ACL_DELETE)
public void delete(User user)
{
    userMapper.delete(user);
    // Second argument false: ACLs of child objects are not deleted along with this one.
    aclService.deleteAcl(new ObjectIdentityImpl(User.class, user.getId()), false);
}

但是当我调用这个方法时,会抛出异常(org.springframework.security.access.AccessDeniedException)。
