Spring Security：Permission Evaluator无法正常工作

Question

我正在尝试在我的应用中实现Permission Evaluator。我这是第一次这样做。但由于某种原因，评估员没有工作。我可以从任何用户成功访问url，/ user / list，我得到相应的结果。 （[在我的情况下]）

这些是我的文件

弹簧security.xml文件

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-3.0.xsd">

    <global-method-security secured-annotations="enabled"
        pre-post-annotations="enabled">
        <expression-handler ref="expressionHandler" />
    </global-method-security>

    <bean id="expressionHandler"
        class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandlerr">
        <property name="permissionEvaluator" ref="permissionEvaluator" />
    </bean>

    <bean id="permissionEvaluator" class="in.portkey.permissionEvaluator.TestPermissionEvaluator" />

</beans>

的web.xml

<?xml version="1.0" encoding="UTF-8"?>

<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <display-name>Archetype Created Web Application</display-name>

    <!-- Loads Spring Security config file -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/spring-security.xml
        </param-value>
    </context-param>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>


    <servlet>
        <servlet-name>ChatSessionService</servlet-name>
        <servlet-class>services.ChatSessionService</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>ChatSessionService</servlet-name>
        <url-pattern>/ChatSessionService</url-pattern>
    </servlet-mapping>
</web-app>

PermissionEvaluator

public class TestPermissionEvaluator implements PermissionEvaluator {
    @Override
    public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
            return false;
    }

    @Override
    public boolean hasPermission(Authentication authentication,
        Serializable targetId, String targetType, Object permission) {
    throw new UnsupportedOperationException();
    }
}

控制器

public class MyController extends ParentController{

    @RequestMapping("/user/list")
    @PreAuthorize("hasPermission(b,3)")
    @Override
    public List<ChatSession> getActiveSessions() {
        // TODO Auto-generated method stub
        return new ArrayList<ChatSession>();
    }

}

我无法弄清楚为什么这不起作用。有人可以指导我朝正确的方向发展。