我似乎遇到了一个有趣的问题,GlobalMethodSecurity不会调用正确的AccessDecisionManager:
我在 application-context.xml中设置了AccessDecisionManager:
<global-method-security access-decision-manager-ref="accessDecisionManager2"/>
并且还为 CustomAccessDecisionManager定义了bean:
@Bean
public AccessDecisionManager accessDecisionManager2() {
List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<>();
Map<String, AccessDecisionVoter> beans = context.getBeansOfType(AccessDecisionVoter.class);
CustomAccessDecisionVoter customAccessDecisionVoter = new CustomAccessDecisionVoter();
decisionVoters.add(customAccessDecisionVoter);
AffirmativeBased affirmativeBased = new AffirmativeBased(decisionVoters);
return affirmativeBased;
}
customAccessDecisionVoter的代码:
@Service
public class CustomAccessDecisionVoter extends AuthenticatedVoter{
@Override
public boolean supports(Class clazz) {
// TODO Auto-generated method stub
return true;
}
public int vote(Authentication authentication, FilterInvocation fi,
Collection<ConfigAttribute> attributes) {
return 0;
}
@Override
public boolean supports(ConfigAttribute attribute) {
// TODO Auto-generated method stub
System.out.println(attribute.toString());
return true;
}
}
它似乎在调用默认的 AccessDecisionManager:
DEBUG [http-bio-8080-exec-10] (OpenEntityManagerInViewInterceptor.java:85) - Opening JPA EntityManager in OpenEntityManagerInViewInterceptor
DEBUG [http-bio-8080-exec-10] (AbstractSecurityInterceptor.java:218) - Secure object: ReflectiveMethodInvocation: public java.lang.String com.DPP.V2.GUIController.PageDispatcher.test(); target is of class [com.DPP.V2.GUIController.PageDispatcher]; Attributes: [[authorize: 'hasAuthority('ROLE_read_only')', filter: 'null', filterTarget: 'null']]
DEBUG [http-bio-8080-exec-10] (AbstractSecurityInterceptor.java:347) - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a9768c42: Principal: com.DPP.V2.sessions.SessionUser@3b40b2f: Username: ADMIN; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: e17bd41a-0726-47e0-a024-053a0d5d0f6c_grant_sensitive,e17bd41a-0726-47e0-a024-053a0d5d0f6c_test,e17bd41a-0726-47e0-a024-053a0d5d0f6c_write_all; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 6F802321EC029F9588F0D8C0582AD97B; Granted Authorities: e17bd41a-0726-47e0-a024-053a0d5d0f6c_grant_sensitive, e17bd41a-0726-47e0-a024-053a0d5d0f6c_test, e17bd41a-0726-47e0-a024-053a0d5d0f6c_write_all
DEBUG [http-bio-8080-exec-10] (AffirmativeBased.java:65) - Voter: org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter@13882b00, returned: -1
DEBUG [http-bio-8080-exec-10] (AffirmativeBased.java:65) - Voter: org.springframework.security.access.vote.RoleVoter@10ced22f, returned: 0
DEBUG [http-bio-8080-exec-10] (AffirmativeBased.java:65) - Voter: org.springframework.security.access.vote.AuthenticatedVoter@63943f99, return
我需要有一个自定义选民的原因是因为角色的前缀是一个更改的ID,标准选民不支持这个。
任何帮助将不胜感激:)