我有以下 Spring Security XML 配置文件,其中包含身份验证和授权配置。问题在于身份验证工作正常,但授权没有生效,甚至没有去检索角色。我以前做过类似的配置,当时没有任何问题。唯一的区别是当时使用的是 Spring 3,而现在是 Spring 4。我是不是遗漏了什么,或者哪里做错了?
<!-- Authentication manager referenced by frfPreAuthProcessingFilter and by the /app HTTP chain.
     preAuthProvider is its only provider, so every authentication decision goes through it. -->
<security:authentication-manager alias="preAuthManager">
    <security:authentication-provider ref="preAuthProvider"/>
</security:authentication-manager>
<!-- Provider for requests whose identity was established before they reached the application.
     It does not verify credentials itself; it loads the user's details, and with them the
     granted authorities, through frfPreAuthUserDetailsService. -->
<bean id="preAuthProvider"
      class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
    <property name="preAuthenticatedUserDetailsService" ref="frfPreAuthUserDetailsService"/>
</bean>
<!-- Project-specific pre-authentication filter; it hands the extracted principal to preAuthManager.
     NOTE(review): stripDomain / toLowerCase presumably normalise the principal name (domain part
     removed, lower-cased); confirm against the filter class, which is not shown here.
     NOTE(review): pre-authentication trusts an identity asserted outside this application.
     Whatever source the filter reads it from must not be settable by a client that can reach
     the application directly; verify the deployment enforces that. -->
<bean id="frfPreAuthProcessingFilter"
      class="*.*.*.ws.infra.FRFPreAuthenticatedProcessingFilter">
    <property name="authenticationManager" ref="preAuthManager"/>
    <property name="stripDomain" value="true"/>
    <property name="toLowerCase" value="true"/>
</bean>
<!-- Entry point for the /app chain: an unauthenticated request is answered with HTTP 403
     rather than a login redirect, since there is no interactive login in a pre-auth setup. -->
<bean id="preAuthEntryPoint"
      class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>
<!-- Project-specific user-details service used by preAuthProvider; role lookup is delegated to
     the configured roleService. -->
<bean id="frfPreAuthUserDetailsService"
      class="*.*.*.ws.infra.FRFPreAuthenticatedUserDeatilsService">
    <!-- Role service choices: 1) InMemoryRoleRetriever 2) Arrow2RoleRetriver.
         The second one is wired here; its bean definition follows below. -->
    <!-- NOTE(review): RoleVoter only matches authorities whose name equals the configured
         attribute (ROLE_ADMIN in the /app chain). Confirm this service returns authorities
         in that ROLE_ prefixed form, otherwise access is denied even for valid roles. -->
    <property name="roleService" ref="arrow2RoleServiceImpl"/>
</bean>
<!-- Role retriever wired into frfPreAuthUserDetailsService.
     Constructor arguments: (0) the endpoint taken from ${arrow.rest.endPoint},
     (1) the literal "authorized-function-names", and an unindexed map that carries
     ${arrow.appName} as both CallerName and ApplicationName.
     NOTE(review): authorization data comes from whatever ${arrow.rest.endPoint} resolves to.
     Confirm it is a trusted endpoint reached over TLS, and check how the retriever behaves
     when the call fails (it should not fall back to granting roles). -->
<bean id="arrow2RoleServiceImpl" class="*.*.*.ws.arrowrest.ArrowRoleRetriever">
    <constructor-arg index="0" value="${arrow.rest.endPoint}"/>
    <constructor-arg index="1" value="authorized-function-names"/>
    <constructor-arg>
        <map>
            <entry key="CallerName" value="${arrow.appName}"/>
            <entry key="ApplicationName" value="${arrow.appName}"/>
        </map>
    </constructor-arg>
</bean>
<!-- Method security: only @Secured is switched on. The pre/post annotation variant below is
     left disabled, so @PreAuthorize / @PostAuthorize are not evaluated. -->
<!-- <global-method-security pre-post-annotations="enabled"/> -->
<!-- No access-decision-manager-ref is set here, so method security does not use the
     accessDecisionManager bean that the /app HTTP chain references.
     NOTE(review): this element only affects beans defined in the same application context;
     confirm the annotated beans live in the context that loads this file. -->
<security:global-method-security secured-annotations="enabled"/>
<!-- security="none" takes this path out of Spring Security altogether: no filters run for it
     and no security context is available while it is served. -->
<security:http security="none" pattern="/WEB-INF/jsp/access_denied.jsp"/>
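<!--
  Filter chain for the application URLs.

  pattern: in Ant-style matching a single "*" covers one path segment only, so a chain
  declared for /app/* does not contain /app/3a4/rules. Requests to that URL would bypass this
  chain entirely: the pre-auth filter would not run, no roles would be loaded and the
  intercept-url rule below would never be evaluated. "/app/**" covers nested paths as well.

  use-expressions="false": the access attribute is a plain role name that is voted on by the
  RoleVoter inside accessDecisionManager, not a SpEL expression.
  create-session="never": Spring Security does not create an HTTP session itself.
  entry-point-ref: unauthenticated requests are answered by preAuthEntryPoint.

  NOTE(review): only GET on /app/3a4/rules carries an access rule. Other methods and other
  URLs inside this chain have no intercept-url and are therefore not access-checked; add
  explicit rules (ideally a final catch-all) if they must be protected.
-->
<security:http pattern="/app/**"
               create-session="never"
               use-expressions="false"
               auto-config="false"
               entry-point-ref="preAuthEntryPoint"
               authentication-manager-ref="preAuthManager"
               access-decision-manager-ref="accessDecisionManager"
               xmlns="http://www.springframework.org/schema/security">
    <!-- Runs the project's pre-auth filter ahead of the standard pre-auth filter position. -->
    <security:custom-filter ref="frfPreAuthProcessingFilter" before="PRE_AUTH_FILTER"/>
    <security:intercept-url pattern="/app/3a4/rules" method="GET" access="ROLE_ADMIN"/>
</security:http>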
<!-- Access decision manager for the /app HTTP chain: access is granted only when the principal
     holds the required granted authority. UnanimousBased denies as soon as any voter denies;
     RoleVoter is the single voter configured. -->
<bean id="accessDecisionManager"
      class="org.springframework.security.access.vote.UnanimousBased"
      xmlns="http://www.springframework.org/schema/beans">
    <constructor-arg>
        <list>
            <bean class="org.springframework.security.access.vote.RoleVoter"/>
        </list>
    </constructor-arg>
    <!-- Fail closed: if every voter abstains, access is denied. -->
    <property name="allowIfAllAbstainDecisions" value="false"/>
</bean>