Spring Security + MVC를 사용하고 있습니다.
주석 @Secured({ "ROLE_ADMIN" })
은 컨트롤러 레이어에서만 올바르게 작동합니다.
더 깊은/다른 레이어에서 사용하려고하면 보안 오류가 발생합니다.
"none mvc mapped"메서드에서 사용하려고하면 보안 오류가 발생합니다.
의 web.xml :Spring Security - @Secured는 mvc 컨트롤러에서만 작동합니다.
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml
/WEB-INF/applicationContext.xml
</param-value>
</context-param>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>/WEB-INF/classes/log4j-myapp.properties</param-value>
</context-param>
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/Management/*</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
</web-app>
봄-servlet.xml에
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<!-- Declare a view resolver -->
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver"
p:prefix="/WEB-INF/pages/" p:suffix=".jsp" />
<context:component-scan base-package="com.affiliates" />
</beans>
스프링 security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<security:global-method-security secured-annotations="enabled" />
<security:http auto-config="true" use-expressions="true"
access-denied-page="/Management/auth/denied">
<security:intercept-url pattern="/Management/auth/login"
access="permitAll" />
<security:intercept-url pattern="/Management/main/admin"
access="hasRole('ROLE_EMPLOYEE')" />
<security:intercept-url pattern="/Management/api/affiliates/**"
access="hasRole('ROLE_EMPLOYEE')" />
<security:form-login login-page="/Management/auth/login/"
authentication-failure-url="/Management/auth/login?error=true"
login-processing-url="/Management/auth/j_spring_security_check"
default-target-url="/Management/auth/login?error=false" />
<security:logout invalidate-session="true"
logout-success-url="/Management/auth/login/" logout-url="/Management/auth/logout" />
</security:http>
<security:authentication-manager>
<security:authentication-provider
user-service-ref="customUserDetailsService">
<security:password-encoder ref="passwordEncoder" />
</security:authentication-provider>
</security:authentication-manager>
<bean
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"
id="passwordEncoder" />
<bean id="customUserDetailsService" class="com.affiliates.service.CustomUserDetailsService" />
</beans>
,536,913,632 내 XML의 설정 파일 다음
10
MVC-dispacher-servlet.xml에
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-2.5.xsd">
<context:component-scan base-package="com.affiliates.controllers" />
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/WEB-INF/pages/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>
</beans>
applocationContext.xml 여기
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">
<!-- Activates various annotations to be detected in bean classes -->
<context:annotation-config />
<!-- Scans the classpath for annotated components that will be auto-registered
as Spring beans. For example @Controller and @Service. Make sure to set the
correct base-package -->
<context:component-scan base-package="com.affiliates" />
<!-- Configures the annotation-driven Spring MVC Controller programming
model. Note that, with Spring 3.0, this tag works in Servlet MVC only! -->
<mvc:annotation-driven />
</beans>
이다 내가 사용 방법 보안되는 방법 :
@Component
public class BrandsApi{
@Secured({ "ROLE_ADMIN" })
public ResultContainer getAll() {
return brandDao.getAll(getSecurityFilter().getBrandSecurityFilter());
}
}
}
발신자 :
안녕, 나는이 잘 작동됩니다 javaconfig 파일에 내 설정을 변환 한
:
@Controller
@RequestMapping("/api/brands")
public class BrandsController {
@RequestMapping(value = "/get")
public ModelAndView get(){
BrandsApi brandsApi = new BrandsApi();
brandsApi.getAll();
}
}
그래서이 내 최신 업데이트입니다.
로딩 시간에 내 응용 프로그램을 디버깅하고 매개 변수가 전송 된 것을 확인합니다. 그것은
이 내가 메소드를 호출하는 방법이다 위에 나는 @Secured ({ "ROLE_ADMIN"})와 방법을 BrandsApi 내부
@Configuration
public class SpringJavaConfig {
@Bean
public BrandsApi brandsApi(){
return new BrandsApi();
}
}
: 다음 brandsApi이
코드를 초기화되는 것을 의미
코드 :
ApplicationContext ctx = new AnnotationConfigApplicationContext(SpringJavaConfig.class);
BrandsApi brandsApi = (BrandsApi)ctx.getBean(BrandsApi.class);
brandsApi.getAll();
하지만 ROLE_EMPLOYEE
,691,363에 로그인 한 경우에도 몇 가지 이유로 내가 안으로 얻을 수 있습니다
코드 : (210)이 제 BrandsApi 클래스입니다
class BrandsApi extends BaseApi{
@Secured({ "ROLE_ADMIN" })
public void getAll() {
System.out.println("Hello");
}
}
작성시 "더 깊숙한/다른 레이어"의 예를 제공해주십시오. –
@Stas Kurilin - 내 게시물을 편집합니다. 감사합니다. – fatnjazzy