如何使用@PreAuhorized注释简化授权用户

时间:2013-06-12 07:23:31

标签: java spring-security

在我的应用中,我只想保护方法,所以我创建了这个简单的安全上下文:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:util="http://www.springframework.org/schema/util"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/security 
        http://www.springframework.org/schema/security/spring-security-3.1.xsd
        http://www.springframework.org/schema/util 
        http://www.springframework.org/schema/util/spring-util-3.1.xsd">

    <http auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint">
        <intercept-url pattern="/**" access="permitAll" />
    </http>

    <global-method-security pre-post-annotations="enabled" />


</beans:beans>

在我的服务中,我有方法登录,当登录表单被提交时调用,但我不知道应该有什么,请帮助:

public ExtDirectFormPostResult login(Person person, BindingResult result) {
    ExtDirectFormPostResult postResult = new ExtDirectFormPostResult(result);
    logger.error("logiiiiiiiiin ");
    // what to do to allow   using annotatedmethod  @PreAuthorize("hasRole('ROLE_ADMIN')")?   
    return postResult;
}

0 个答案:

没有答案
相关问题
最新问题