我正在尝试让 Jersey 与 Spring 的 @Secured 注解配合，实现方法级安全控制，但完全不起作用：加了注解的方法仍然可以不经认证访问。请帮忙。
以下是我的文件:
security-context.xml
<beans ...
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!-- The REST service we're supposed to secure with @Secured -->
<!-- NOTE(review): this bean is only protected if it is the instance that actually serves
     requests. Jersey's package scan (jersey.config.server.provider.packages in web.xml)
     builds its own AccountsResource unless a Jersey/Spring bridge (e.g. the jersey-spring3
     extension for Jersey 2.x) is on the classpath; an instance created by Jersey itself is
     not proxied and silently ignores @Secured. Confirm which instance handles requests. -->
<bean class="ph.ebank.resources.AccountsResource" />
<!-- Enable @Secured support -->
<!-- NOTE(review): method security proxies only beans defined in THIS application context;
     it cannot reach objects instantiated outside of it. -->
<security:global-method-security
secured-annotations="enabled" />
<!-- Stateless RESTful services use BASIC authentication -->
<!-- NOTE(review): no <security:intercept-url> is declared, so as far as this file shows the
     filter chain demands authentication for no URL: unauthenticated requests are not
     challenged and reach the servlet, leaving @Secured (when it is enforced at all) as the
     only barrier. Add an intercept-url covering /** using the access syntax of the Spring
     Security version in use, and consider create-session="stateless" on <security:http>
     so API calls do not create HTTP sessions. -->
<security:http>
<security:http-basic />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<!-- NOTE(review): in-memory users with plaintext, shared passwords are acceptable for a
     demo only; a real deployment should use a hashed-password store (see
     <security:password-encoder>) and keep credentials out of committed config. -->
<security:user-service>
<security:user name="gavin" password="qwerty"
authorities="ROLE_EDITOR" />
<security:user name="julie" password="qwerty"
authorities="ROLE_MEMBER" />
<security:user name="admin" password="qwerty"
authorities="ROLE_EDITOR,ROLE_MEMBER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
web.xml
<web-app version="3.0" ...>
<!-- Spring root context: loads the security configuration below via ContextLoaderListener. -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:spring/security-context.xml
</param-value>
</context-param>
<!-- Delegates to the "springSecurityFilterChain" bean created by <security:http>.
     Filters run before the servlet, and the /* mapping puts every Jersey URL behind it. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- NOTE(review): with provider.packages Jersey discovers AccountsResource and instantiates
     it on its own. Unless a Jersey/Spring bridge (e.g. the jersey-spring3 extension for
     Jersey 2.x) is installed, that instance is NOT the Spring bean declared in
     security-context.xml, so the @Secured proxy never wraps it and the methods stay open.
     This is the most likely cause of the reported behaviour; confirm by checking which
     component provider creates the resource. -->
<servlet>
<servlet-name>Jersey Web Application</servlet-name>
<servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>jersey.config.server.provider.packages</param-name>
<param-value>ph.ebank.resources</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Jersey Web Application</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
</web-app>
AccountsResource.java
package ph.ebank.resources;
import java.util.Collections;
import java.util.List;

import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.GET;
import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

import org.springframework.security.access.annotation.Secured;

import ph.activelearning.domain.Account;
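@Path("accounts")
@Produces(MediaType.APPLICATION_JSON)
public class AccountsResource {

    /**
     * Lists all accounts.
     *
     * <p>Access is restricted by {@code @Secured} to ROLE_MEMBER or ROLE_EDITOR. The
     * annotation is enforced only when the instance serving the request is the
     * Spring-managed proxy; an instance created by Jersey's package scan is not proxied
     * and the annotation is ignored — TODO confirm which component provider wires this
     * class.
     *
     * @return the accounts; currently an empty list (stub, no persistence yet), never
     *     {@code null}, so clients get an empty JSON array rather than an implicit
     *     204 No Content
     */
    @GET
    @Secured({"ROLE_MEMBER", "ROLE_EDITOR"})
    public List<Account> getAll() {
        // Returning null from a collection-typed endpoint is an anti-pattern;
        // an empty list is the idiomatic placeholder until a repository is wired in.
        return Collections.emptyList();
    }

    /**
     * Creates an account from a JSON or XML request body.
     *
     * <p>Restricted by {@code @Secured} to ROLE_EDITOR (same enforcement caveat as
     * {@link #getAll()}).
     *
     * @return currently {@code null} (stub); the JAX-RS runtime turns a null return
     *     into 204 No Content
     */
    @POST
    @Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
    @Secured("ROLE_EDITOR")
    public Response add() {
        // Stub: trace to stdout only, nothing is persisted yet.
        System.out.println("add");
        return null;
    }
}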