Spring Security가 적용된 Java 웹 응용 프로그램이 있습니다. @PreAuthorize 주석을 사용하지만 작동하지 않습니다. Spring Security @PreAuthorize 주석(annotation)이 작동하지 않습니다.
PermissionEvaluator 인터페이스를 구현하는 PermissionResolver 클래스와, @PreAuthorize 주석을 사용하는 AccessClassService가 있습니다. PermissionResolver 클래스의 hasPermission 메서드에 중단점(breakpoint)을 설정하고 디버그 모드로 응용 프로그램을 실행해 보니, hasPermission 메서드가 호출되지 않는 것을 확인했습니다.
누가 도와주실 수 있습니까?
내 securityContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- Spring Security 3.1 configuration: annotation-based method security with a custom
     PermissionEvaluator, URL access rules, form login and the authentication manager. -->

<!-- Enables @PreAuthorize/@PostAuthorize and evaluates their expressions through "permissionHandler".
     NOTE(review): method security only takes effect on beans that are proxied by the application
     context containing this element. If the annotated service is created by another context (for
     example a component scan in the DispatcherServlet context), the annotation is ignored without
     any error and the method stays unprotected. Confirm which context loads this file and which
     context creates the service bean. -->
<security:global-method-security pre-post-annotations="enabled">
<security:expression-handler ref="permissionHandler"/>
</security:global-method-security>
<!-- Expression handler for method security; hasPermission(...) expressions are delegated to "eval". -->
<bean id="permissionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
<property name="permissionEvaluator" ref="eval"/>
</bean>
<!-- The custom PermissionEvaluator implementation. -->
<bean id="eval" class="org.mydomain.myapp.infrastructure.security.PermissionResolver" />
<!-- URL-level rules written as access expressions. disable-url-rewriting keeps the session id
     out of URLs. Rules are matched in declaration order and the first match wins, so the
     catch-all "/**" rule has to stay last. -->
<security:http auto-config="true" use-expressions="true" disable-url-rewriting="true">
<!-- Static content is open to everyone. -->
<security:intercept-url pattern="/favicon.ico" access="permitAll" />
<security:intercept-url pattern="/resources/**" access="permitAll"/>
<!-- Login, registration and password-restore pages are reachable only while not logged in. -->
<security:intercept-url pattern="/login" access="isAnonymous()"/>
<security:intercept-url pattern="/registration/**" access="isAnonymous()"/>
<security:intercept-url pattern="/restorePassword" access="isAnonymous()"/>
<!-- Everything else requires an authenticated user. This is the only check that applies to a
     service method whose method-level annotation is not being enforced. -->
<security:intercept-url pattern="/**" access="isAuthenticated()"/>
<security:form-login login-page="/login" authentication-failure-url="/login?fail" default-target-url="/" />
</security:http>
<!-- Users are loaded through the "hibernateUserService" bean, which is defined outside this file.
     NOTE(review): no <security:password-encoder> is declared inside the provider. Unless hashing is
     configured elsewhere, submitted passwords are compared with the stored value as plain text;
     confirm that stored passwords are hashed with an adaptive algorithm such as bcrypt. -->
<security:authentication-manager>
<security:authentication-provider user-service-ref="hibernateUserService" />
</security:authentication-manager>
</beans>
내 PermissionResolver.java
/**
 * {@link PermissionEvaluator} used for {@code hasPermission(...)} security expressions.
 *
 * <p>Both overloads are stubs that return {@code false}, so once the evaluator is actually
 * consulted every {@code hasPermission} check is denied (fail closed).
 */
public class PermissionResolver implements PermissionEvaluator {

    // NOTE(review): this evaluator is wired into the method-security expression handler in
    // securityContext.xml, and it depends on AccessClassService, the very bean that carries
    // @PreAuthorize. A dependency like this can force the service to be instantiated while the
    // security infrastructure is still being built, before proxying is available; the service
    // then runs without its @PreAuthorize check, which would match the symptom described.
    // Verify by looking for a startup log line saying the bean "is not eligible for getting
    // processed by all BeanPostProcessors". The field is not read anywhere in this class.
    @Autowired
    private AccessClassService service;

    /**
     * Decides whether the caller holds a permission on a domain object.
     *
     * @param a  the current authentication
     * @param o  the target domain object
     * @param o1 the requested permission
     * @return always {@code false} (stub)
     */
    @Override
    public boolean hasPermission(Authentication a, Object o, Object o1) {
        // Stub: deny unconditionally.
        return false;
    }

    /**
     * Decides whether the caller holds a permission on an object identified by id and type.
     *
     * @param a          the current authentication
     * @param targetId   identifier of the target object
     * @param targetType type name of the target object
     * @param o          the requested permission
     * @return always {@code false} (stub)
     */
    @Override
    public boolean hasPermission(Authentication a, Serializable targetId, String targetType, Object o) {
        // Stub: deny unconditionally.
        return false;
    }
}
그리고 @PreAuthorize 주석(테스트용 매개변수)을 사용하는 서비스
/**
 * Service that reads {@code AccessClass} entities through {@code PersistableDAO}.
 *
 * <p>Only {@link #get(Long)} carries a method-level security expression; the other two methods
 * have no annotation of their own.
 */
@Service
public class AccessClassService {

    @Autowired
    private PersistableDAO dao;

    /**
     * Looks up the {@code AccessClass} whose {@code number} attribute is 0.
     *
     * @return the result of the DAO lookup
     */
    public AccessClass getInitialAccessClass() {
        return dao.getOneByAttr(AccessClass.class, "number", 0);
    }

    /**
     * Loads an {@code AccessClass} by id.
     *
     * <p>The expression uses the two-argument form {@code hasPermission(target, permission)}, which
     * Spring Security passes to {@code PermissionEvaluator.hasPermission(Authentication, Object,
     * Object)}: {@code '12'} arrives as the target object and {@code 'AccessClass'} as the
     * permission.
     *
     * <p>NOTE(review): both arguments are constants (test values), so the decision is not tied to
     * the {@code id} being requested. A real rule would reference the method argument
     * ({@code #id}); the three-argument form {@code hasPermission(targetId, targetType,
     * permission)} is the one that reaches the id/type overload of the evaluator.
     *
     * <p>NOTE(review): the check is enforced by a proxy around this bean, so a call made from
     * another method of this class would not pass through it.
     *
     * @param id identifier of the entity to load
     * @return the result of the DAO lookup
     */
    @Transactional
    @PreAuthorize("hasPermission('12','AccessClass')")
    public AccessClass get(Long id) {
        return dao.get(AccessClass.class, id);
    }

    /**
     * Reads only the {@code number} property of the {@code AccessClass} with the given id.
     *
     * <p>NOTE(review): this reads from the same entity as {@link #get(Long)} but has no
     * {@code @PreAuthorize}; confirm that exposing the number to any caller is intended.
     *
     * @param id identifier of the entity
     * @return the projected {@code number} value as returned by the query
     */
    public Integer getAccessClassNumber(Long id) {
        // Projection query: select the "number" column for the row whose id matches.
        final Object number = dao.getCriteria(AccessClass.class)
                .setProjection(Projections.property("number"))
                .add(Restrictions.eq("id", id))
                .uniqueResult();
        return (Integer) number;
    }
}
,369와 서비스