我希望在我的所有控制器方法中使用@PreAuthorize进行访问控制。 为此,我对此blog post
进行了说明我有以下配置
MethodSecurityConfig.class
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
CustomPermissionEvaluator permissionEvaluator = new CustomPermissionEvaluator();
DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
expressionHandler.setPermissionEvaluator(permissionEvaluator);
return expressionHandler;
}
}
和我的自定义权限评估程序
public class CustomPermissionEvaluator implements PermissionEvaluator{
@Override
public boolean hasPermission(Authentication arg0, Object arg1, Object arg2) {
// method implementation
}
@Override
public boolean hasPermission(Authentication arg0, Serializable arg1,
String arg2, Object arg3) {
// method implementation
}
}
当我试图运行它时,在创建bean methodSecurityInterceptor
时会出现ERRORCaused by: java.lang.IllegalArgumentException: An AuthenticationManager is required
at org.springframework.util.Assert.notNull(Assert.java:112)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:131)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1625)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1562)
... 50 more
所以我的问题是
是否必须使用基于网络的安全性?
我们不能只使用如here
所示的GlobalMethodSecurityConfiguration帮助请!!