0

Spring security 3.1 を使ってみた

ただし、ROLE_USER権限がある場合

何もしません (アノテーション @PreAuthorize("hasRole('ROLE_ADMIN')") )

spring 3.1M と springsecurity 3.1 を使用しています

他に何かする必要がありますか?

以下は私の春のセキュリティ構成コードです

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xmlns:s="http://www.springframework.org/schema/security"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
                            http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                            http://www.springframework.org/schema/security
                            http://www.springframework.org/schema/security/spring-security-3.1.xsd">

      <s:global-method-security pre-post-annotations="enabled">
        <!-- <s:expression-handler ref="expressionHandler"/> -->
      </s:global-method-security>


        <s:http pattern="/css/**" security="none" />
        <s:http pattern="/js/**" security="none" />
        <s:http pattern="/favicon.ico" security="none" />
        <s:http pattern="/index.jsp" security="none" />

        <s:http auto-config="true" use-expressions="true" access-denied-page="/denied.jsp">

            <s:intercept-url pattern="/web/index" access="permitAll" />
            <s:intercept-url pattern="/web/**" access="isAuthenticated()"/>
            <s:intercept-url pattern="/web/study/*" access="hasRole('ROLE_USER')"/>

            <s:form-login />
            <s:logout />

            <s:session-management>
                <s:concurrency-control
                    error-if-maximum-exceeded="true" max-sessions="1" expired-url="/expired.jsp" />
            </s:session-management>
        </s:http>

        <!-- Declare an authentication-manager to use a custom userDetailsService -->
        <s:authentication-manager>
            <s:authentication-provider user-service-ref="userDetailsService">
                <s:password-encoder ref="passwordEncoder" />
            </s:authentication-provider>
        </s:authentication-manager>

        <!-- Use a Md5 encoder since the user's passwords are stored as Md5 in the 
            database -->
        <bean
            class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"
            id="passwordEncoder" />

        <s:authentication-manager alias="authenticationManager">
            <!-- If you want to use a database, then you can use -->
            <s:authentication-provider user-service-ref="userDetailsService">

                <s:password-encoder ref="passwordEncoder" />
            </s:authentication-provider>
        </s:authentication-manager>

    </beans>

およびコントローラーコード

    package com.app.web.study.language.action;

    import java.util.*;

    import javax.annotation.Resource;
    import javax.servlet.http.HttpServletRequest;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.security.access.annotation.Secured;
    import org.springframework.security.access.prepost.PreAuthorize;
    import org.springframework.stereotype.Controller;
    import org.springframework.transaction.annotation.Transactional;
    import org.springframework.ui.Model;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.bind.annotation.RequestParam;
    import com.app.web.common.BaseController;
    import com.app.web.study.language.service.impl.StudyServiceImpl;

    @Controller
    public class StudyController extends BaseController {

        protected static Logger logger = LoggerFactory.getLogger("StudyController");

        @Resource(name="studyServiceImpl")
        private StudyServiceImpl studyServiceImpl;

        @PreAuthorize("hasRole('ROLE_ADMIN')") 
        @RequestMapping(value = "/study/list", method = RequestMethod.GET)
        public String study( Locale locale
                           , Model model 
                           , HttpServletRequest  req) {
            logger.info("study", locale);

            HashMap<String, Object> parameters = new HashMap<String, Object>(); 
            List list = studyServiceImpl.getList(parameters);  

            model.addAttribute("ctx", getCrreuntUrl() );
            model.addAttribute("list", list );

            //model.addAttribute("activeUsers", getlistActiveUsers());

            return "base.study";
        }

    }
4

2 に答える 2

0

この問題に遭遇する可能性はありますかSpringSecurityFAQ

于 2013-02-18T06:40:45.863 に答える