Spring Security Annotation配置没有做任何事情

时间:2013-11-28 11:22:23

标签: java spring hibernate spring-mvc spring-security

我在设置Spring Security时遇到问题。 首先,我有一个Configuration类,如下所示:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity
@ComponentScan("com.boardviewer")
public class BoardviewerConfiguration extends WebSecurityConfigurerAdapter {

    @Inject
    private BoardviewerSecurityService boardviewerSecurityService;

    @Bean
    public InternalResourceViewResolver internalResourceViewResolver() {
        InternalResourceViewResolver resolver = new InternalResourceViewResolver();
        resolver.setPrefix("/WEB-INF/pages/");
        resolver.setSuffix(".jsp");
        return resolver;
    }

    @Bean /* The "${props} can now be parsed before runtime with this bean declaration */
    public static PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer() {
        return new PropertySourcesPlaceholderConfigurer();
    }

    /* Spring Sec */

    @Bean
    public DaoAuthenticationProvider daoAuthenticationProvider() {
        DaoAuthenticationProvider dao = new DaoAuthenticationProvider();
        dao.setUserDetailsService(boardviewerSecurityService);
        return dao;
    }

    @Bean
    public ProviderManager providerManager() {
        List<AuthenticationProvider> list = new ArrayList<AuthenticationProvider>();
        list.add(daoAuthenticationProvider());
        return new ProviderManager(list);
    }


    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        super.configure(auth);
        auth.authenticationProvider(daoAuthenticationProvider());
        auth.userDetailsService(boardviewerSecurityService);
    }    
}

基本上一些基本的WebSecurity配置...... 我没有收到任何错误,但我可以正常浏览网站,没有任何限制。

例如,我有一个带@PreAuthorize注释的控制器,我直接通过它。

我正在运行Spring Security 3.2.0 RC2以便能够获得注释配置......但到目前为止还没有运气。

是否需要在web.xml中添加其他配置?或者我错过了什么? 有人得到一个有效的Spring Security注释配置示例吗?

另外,我正在使用hibernate来获取用户帐户等,而我的boardviewerSecurityService看起来像这样:

@Service
public class BoardviewerSecurityService implements UserDetailsService {

    @Inject
    private UserDAO userDAO;

    @Inject
    private BoardviewerTransformer transformer;

    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        User u = userDAO.getByUsername(s);
        if(u == null) {
            throw new UsernameNotFoundException("Couldn't find a user with that username");
        } else {
            return transformer.userToSpringUser(u);
        }
    }
}

变换器只是将实体重新映射到Spring UserDetails User对象(org.springframework.security.core.userdetails.User

我错过了什么吗? (设置登录页面和网址拦截器的一部分?我以为我不需要那些因为我只想控制类/方法级别的访问)

非常感谢任何帮助!

此致

0 个答案:

没有答案