我尝试使用spring security taglib,在3.2.8.RELEASE版本中此代码正常工作,但4.0.2.RELEASE版本不起作用,
不会呈现sec:authorize标记内容,并且用户具有SUPER_ADMIN角色:
<sec:authorize access="hasRole('SUPER_ADMIN')">
<div class="form-group">
<label class="col-md-4 control-label" for="inptAdmin" >Usuário responsável:</label>
<div class="col-md-8">
...
</select>
</div>
</div>
</sec:authorize>
我的弹簧配置: spring版本:4.1.7.RELEASE,spring security:4.0.2.RELEASE
WEB.XML:
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<display-name>Expenses Manager</display-name>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/spring-context.xml
/WEB-INF/spring/spring-security.xml
</param-value>
</context-param>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>encoding-filter</filter-name>
<filter-class>
org.springframework.web.filter.CharacterEncodingFilter
</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encoding-filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Processes application requests -->
<servlet>
<servlet-name>DispatcherServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/spring-servlet.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>DispatcherServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
弹簧上下文:
<context:annotation-config />
<context:component-scan base-package="br.com.edubarbieri.comerbem.dao" />
<context:component-scan base-package="br.com.edubarbieri.comerbem.configuration" />
<context:component-scan base-package="br.com.edubarbieri.comerbem.service" />
<jee:jndi-lookup id="mysqlDS" jndi-name="java:comp/env/jdbc/MySQLDS" />
<bean id="sessionFactory" class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
<property name="dataSource" ref="mysqlDS" />
<property name="configLocation" value="classpath:hibernate.cfg.xml" />
</bean>
<bean id="transactionManager" class="org.springframework.orm.hibernate4.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactory"></property>
</bean>
<tx:annotation-driven />
<bean id="velocityEngine" class="org.springframework.ui.velocity.VelocityEngineFactoryBean">
<property name="velocityProperties">
<props>
<prop key="resource.loader">file</prop>
<prop key="file.resource.loader.class">
org.apache.velocity.runtime.resource.loader.FileResourceLoader
</prop>
<prop key="file.resource.loader.path">C:/Users/eduardo.santos/Documents/Comerbem/admin/src/main/webapp/WEB-INF/templates</prop>
<prop key="file.resource.loader.cache">false</prop>
</props>
</property>
</bean>
<bean id="appProperties" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="locations" >
<list>
<value>classpath:app.properties</value>
<value>classpath:app#{systemProperties['ENV']}.properties</value>
</list>
</property>
</bean>
<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<!-- setting maximum upload size 5mb -->
<property name="maxUploadSize" value="5242880" />
</bean>
弹簧安全:
<security:global-method-security secured-annotations="enabled" pre-post-annotations="enabled" />
<security:debug/>
<security:http auto-config="true" use-expressions="true" disable-url-rewriting="false" >
<security:headers disabled="true"/>
<security:csrf disabled="true" />
<security:form-login authentication-failure-url="/acesso?error"
login-page="/acesso" default-target-url="/" username-parameter="email"
password-parameter="password" login-processing-url="/do_login" />
<security:logout logout-success-url="/acesso?logout" logout-url="/do_logout" invalidate-session="true" />
<security:intercept-url pattern="/login/**" access="permitAll" />
<security:intercept-url pattern="/acesso*" access="permitAll" />
<security:intercept-url pattern="/favicon.ico" access="permitAll" />
<security:intercept-url pattern="/*" access="isAuthenticated()" />
<!-- <security:intercept-url pattern="/post/publicar/**" access="hasRole('ROLE_MEMBRO')"/> -->
</security:http>
<bean id="exAuthenticationProvider" autowire="byType" class="br.com.edubarbieri.comerbem.security.ExAutenticationProvider" />
<security:authentication-manager>
<security:authentication-provider ref="exAuthenticationProvider" />
</security:authentication-manager>
弹簧的servlet:
<!-- DispatcherServlet Context: defines this servlet's request-processing
infrastructure -->
<!-- Enables the Spring MVC @Controller programming model -->
<annotation-driven />
<!-- Handles HTTP GET requests for /resources/** by efficiently serving
up static resources in the ${webappRoot}/resources directory -->
<resources mapping="/favicon.ico" location="/favicon.ico" />
<resources mapping="/images/**" location="/images/" />
<resources mapping="/login/**" location="/login/" />
<resources mapping="/dist/**" location="/dist/" />
<resources mapping="/bower_components/**" location="/bower_components/" />
<resources mapping="/scripts/**" location="/scripts/" />
<resources mapping="/styles/**" location="/styles/" />
<!-- Resolves views selected for rendering by @Controllers to .jsp resources
in the /WEB-INF/views directory -->
<beans:bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<!-- <beans:property name="prefix" value="/views/" /> -->
<beans:property name="suffix" value=".jsp" />
</beans:bean>
<context:component-scan base-package="br.com.edubarbieri.comerbem.api" />
<context:component-scan base-package="br.com.edubarbieri.comerbem.controller" />
我无能为力解决这个问题,任何人都可以帮助我吗?
更新
我的pom.xml
<project>
<modelVersion>4.0.0</modelVersion>
<groupId>br.com</groupId>
<artifactId>edubarbieri</artifactId>
<name>admin</name>
<packaging>war</packaging>
<version>1.0.0-SNAPSHOT</version>
<properties>
<java-version>1.7</java-version>
<spring.versao>4.1.7.RELEASE</spring.versao>
<spring.security.versao>4.0.2.RELEASE</spring.security.versao>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.versao}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>${spring.versao}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
<version>${spring.versao}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<version>${spring.versao}</version>
</dependency>
<dependency>
<groupId>javax.mail</groupId>
<artifactId>javax.mail-api</artifactId>
<version>1.5.4</version>
</dependency>
<dependency>
<groupId>com.sun.mail</groupId>
<artifactId>javax.mail</artifactId>
<version>1.5.4</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>${spring.versao}</version>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjrt</artifactId>
<version>1.8.4</version>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjweaver</artifactId>
<version>1.8.4</version>
</dependency>
<dependency>
<groupId>cglib</groupId>
<artifactId>cglib</artifactId>
<version>3.1</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
<version>5.1.3.Final</version>
<exclusions>
<exclusion>
<artifactId>slf4j-api</artifactId>
<groupId>org.slf4j</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>1.7.10</version>
</dependency>
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
<version>1.3.1</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.4</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>2.4.1</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.4.1.1</version>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-core-asl</artifactId>
<version>1.9.13</version>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-mapper-asl</artifactId>
<version>1.9.13</version>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-jaxrs</artifactId>
<version>1.9.13</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
<version>4.3.8.Final</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.34</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.8.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring.security.versao}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.versao}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.security.versao}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${spring.security.versao}</version>
</dependency>
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.10</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jsp-api</artifactId>
<version>2.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.15</version>
<exclusions>
<exclusion>
<groupId>javax.mail</groupId>
<artifactId>mail</artifactId>
</exclusion>
<exclusion>
<groupId>javax.jms</groupId>
<artifactId>jms</artifactId>
</exclusion>
<exclusion>
<groupId>com.sun.jdmk</groupId>
<artifactId>jmxtools</artifactId>
</exclusion>
<exclusion>
<groupId>com.sun.jmx</groupId>
<artifactId>jmxri</artifactId>
</exclusion>
</exclusions>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>javax.inject</groupId>
<artifactId>javax.inject</artifactId>
<version>1</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.4</version>
</dependency>
<dependency>
<groupId>org.apache.velocity</groupId>
<artifactId>velocity</artifactId>
<version>1.7</version>
</dependency>
<dependency>
<groupId>ro.isdc.wro4j</groupId>
<artifactId>wro4j-core</artifactId>
<version>1.7.8</version>
</dependency>
<dependency>
<groupId>ro.isdc.wro4j</groupId>
<artifactId>wro4j-extensions</artifactId>
<version>1.7.8</version>
</dependency>
<dependency>
<groupId>org.imgscalr</groupId>
<artifactId>imgscalr-lib</artifactId>
<version>4.2</version>
</dependency>
</dependencies>
<build>
<finalName>expenses</finalName>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.2</version>
<configuration>
<source>1.7</source>
<target>1.7</target>
</configuration>
</plugin>
</plugins>
</build>
解:
...
在spring security 4中,hasRole默认添加preffix&#39; ROLE _&#39;起初:
答案 0 :(得分:1)
您需要在类路径中使用Spring Security Taglib。对于Maven:
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${spring.security.version}</version>
</dependency>
您需要将taglib添加到JSP:
<%@ taglib uri="http://www.springframework.org/security/tags" prefix="sec" %>