Pre / PostAuthorize注释不起作用

时间:2011-11-03 10:55:44

标签: spring spring-security

由于Spring Security论坛似乎没有给予太多支持,我也不得不在这里提出同样的问题。我正在使用Spring 3.0.6和Spring Security 3.0.7构建一个Web应用程序,但是有一个问题让我疯了。方法保护注释不起作用。我正在以这种方式保护我的服务接口上的方法:

public interface AlbumGenreService {

     @PreAuthorize("hasRole('ROLE_ADMIN')")
     public void deleteGenre(Integer genreId);
}

然后在控制器中调用该方法:

@RequestMapping(value="/genres/delete/{genreId}")
public String deleteGenre(@PathVariable("genreId") Integer genreId, Model model) {

     albumGenreService.deleteGenre(genreId);

     return "redirect:/genres/view";
}

当我使用ROLE_USER角色登录并尝试删除该类型时,将授予对受保护方法的访问权限并删除该类型。

我的配置如下:

的web.xml 

<servlet>
   <servlet-name>dispatcher</servlet-name>
   <servlet-class>org.springframework.web.servlet.DispatcherSe rvlet</servlet-class>
   <init-param>
     <param-name>contextConfigLocation</param-name>
     <param-value>/WEB-INF/applicationContext.xml</param-value>
   </init-param>
   <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>dispatcher</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

<filter>
    <filter-name>sitemesh</filter-name>
    <filter-class>com.opensymphony.module.sitemesh.filter.Page Filter</filter-class>
</filter>

<filter-mapping>
    <filter-name>sitemesh</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>


<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFil terProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>


<context-param>
   <param-name>contextConfigLocation</param-name>
   <param-value>/WEB-INF/securityApplicationContext.xml</param-value>
</context-param>

<listener>
   <listener-class>org.springframework.web.context.ContextLoade rListener</listener- class>
</listener>

securityApplicationContext.xml 

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schem...-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.4.xsd">

<security:global-method-security pre-post-annotations="enabled" secured-  annotations="enabled" jsr250-annotations="enabled"/>

<security:http auto-config="true" use-expressions="true">
   <security:intercept-url pattern="/genres/create" access="hasRole('ROLE_ADMIN')"/>
   <security:intercept-url pattern="/*" access="hasAnyRole('ROLE_ADMIN','ROLE_USER')"/>
</security:http>

<security:authentication-manager alias="authenticationManager">
  <security:authentication-provider>
     <security:user-service>
     <security:user name="user1" password="user1" authorities="ROLE_USER"/>
     <security:user name="admin" password="admin" authorities="ROLE_ADMIN"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>

希望你能帮助我弄清楚出了什么问题。感谢。

0 个答案:

没有答案
相关问题
最新问题