配置
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration{
@Override
protected AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManager();
}
}
控制器
@RequestMapping(value="/events/eventsToApprove", method=RequestMethod.GET, produces=MediaType.APPLICATION_JSON_VALUE)
@ResponseBody
@PreAuthorize("hasRole('ROLE_LEAD')")
public List<Event> eventsToApprove(@RequestParam("user") String username){
CustomUser user= (CustomUser) userService.loadUserByUsername(username);
if(user!=null){
return eventService.getEventsToApprove(user);
}
return null;
}
错误
Unexpected AOP exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'methodSecurityInterceptor' defined in com.tracker.config.MethodSecurityConfig: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: An AuthenticationManager is required
我在上面的控制器上使用@preauthorize只允许用户使用&#34; ROLE_LEAD&#34;。但它不起作用。每个请求都会进来。配置错误
由于