可能重复:
Can Spring Security use @PreAuthorize on Spring controllers methods?
这是我的配置: 的pom.xml
<!-- Spring Security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring-security.version}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${spring-security.version}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring-security.version}</version>
<scope>compile</scope>
</dependency>
<!-- AOP dependency -->
<dependency>
<groupId>cglib</groupId>
<artifactId>cglib</artifactId>
<version>2.2</version>
</dependency>
<!-- end of Spring Security -->
这里是security.xml - &gt;
<!-- secured-annotations = (@Secured("ROLE_ADMIN")) -->
<!-- jsr250-annotations = (@RunAs @RolesAllowed @PermitAll @DenyAll @DeclareRoles) -->
<!-- pre-post-annotations = @PreAuthorized("hasAuthority('ROLE_ADMIN')") -->
<global-method-security secured-annotations="disabled"
jsr250-annotations="disabled"
pre-post-annotations="enabled"/>
<http auto-config='true'
disable-url-rewriting="true"
access-denied-page="/WEB-INF/jsp/errors/accessDenied.jsp">
<anonymous granted-authority="ROLE_ANONYMOUS" key="anonymous"/>
<logout logout-url="/logout.do" logout-success-url="/" />
<form-login always-use-default-target="false"
authentication-failure-url="/?authfailed=true"
default-target-url="/person"
login-page="/"
login-processing-url="/login"
username-parameter="username"
password-parameter="password"
/>
<remember-me key="rememberMe" services-ref="rememberMeService"/>
</http>
当我尝试运行任何控制器时 - >&gt;
@RequestMapping( “/人”) 公共类PersonController {
@RequestMapping("")
@PreAuthorize("hasAuthority('ROLE_ADMIN')")
public String root() {
doStuff();
return "redirect:/person/home";
}
有任何不同的角色,我得到了正确的结果。所以@PreAuthorize(“hasAuthority('ROLE_ADMIN')”)注释不起作用。
没有编译错误,没有运行时异常。
感谢。