PreAuthorize(“isAuthenticated()”)不在RestController上工作

时间:2017-06-14 11:16:55

标签: java json rest spring-security uri

我发现了很多类似的问题,但没有一个问题解决了我的问题: PreAuthorize(“isAuthenticated()”)不能在我的RestController上工作。

我的配置安全性是:

<global-method-security pre-post-annotations="enabled"/>
<authentication-manager alias="authenticationManager">
        <authentication-provider>
            <password-encoder ref="passwordEncoder" />
            <jdbc-user-service
                data-source-ref="dataSource"
                users-by-username-query="
         select login,password,1
         from test tst where tst.login=?" 
                authorities-by-username-query="
         select login,'ROLE_SAVE' from test tst where tst.login=?"
            />
        </authentication-provider>
    </authentication-manager>
我的RestController上的

我添加了这个注释:@PreAuthorize(“isAuthenticated()”)

@RestController
@PreAuthorize("isAuthenticated()")
@RequestMapping("/api/test")
public class PrinterController{

    @RequestMapping(value = "", method = RequestMethod.GET)
    public ResponseStatus test() {
    System.out.println("test");
}

但无法正常工作任何用户都可以使用此资源。

2 个答案:

答案 0 :(得分:3)

您需要将以下注释添加到安全配置类:

@EnableGlobalMethodSecurity(prePostEnabled = true)

感谢这篇文章:

https://nixmash.com/post/spring-mvc-method-security-with-preauthorize-and-sp-el

答案 1 :(得分:-1)

after remplacing @PreAuthorize by @Secured and add secured-annotations="enabled" in security xml file the problem is fixed.

<global-method-security secured-annotations="enabled"/>

on my RestController

@Secured
相关问题
最新问题