我想用Spring Java配置配置方法安全注释,但它不起作用。从跟踪日志中我可以看到,不会扫描@Controllers以获取安全注释。那是因为还没有创建控制器bean。控制器扫描由扩展WebMvcConfigurationSupport的servlet配置类进行,SecurityConfig导入RootConfig。当我不想在root配置中创建控制器bean时,如何设置我的配置以扫描控制器?
RootConfig:
@Configuration
@Import({ SecurityConfig.class, PropertyPlaceholderConfig.class, DBConfig.class })
@ComponentScan(basePackages = { "com.example.models", "com.example.services" })
public class RootConfig { ...}
SecurityConfig:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(jsr250Enabled = true, proxyTargetClass = true, securedEnabled = true, prePostEnabled = true)
public class SecurityConfig {
...
@Configuration
@Order(1)
public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
...
}
@Configuration
@Order(2)
public static class FormLoginWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
...
}
}
Rest servlet:
@Configuration
@ComponentScan(basePackages = { "com.example.controllers.api" }, includeFilters = @Filter({ Controller.class, ControllerAdvice.class }), useDefaultFilters = false)
@Import({ PropertyPlaceholderConfig.class, RestApiDocumentationConfig.class })
public class RestApiConfig extends WebMvcConfigurationSupport {...}