Announcement Announcement Module
Collapse
No announcement yet.
@PreAuthorize not working Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • @PreAuthorize not working

    Hello,
    I am new to SpringMVC and Spring Security and i just can't get @PreAuthorize to work correctly (3rd day i'm looking for a solution). The normal Authentification (over web.xml) is working well.

    I have added following to my security xml:
    Code:
    <global-method-security pre-post-annotations="enabled" />
    And following before my function in the controller:
    Code:
    @PreAuthorize("hasRole('normalo')")
    I also added the Dependencies (i hope the right ones!?) to pom.xml:

    Code:
    		
     <dependency>
     	<groupId>org.springframework.security</groupId>
     	<artifactId>spring-security-config</artifactId>
     	<version>${org.springframework-version}</version>
     </dependency>
     <dependency>
     	<groupId>org.springframework.security</groupId>
     	<artifactId>spring-security-core</artifactId>
     	<version>${org.springframework-version}</version>
     </dependency>
     <dependency>
     	<groupId>org.springframework.security</groupId>
     	<artifactId>spring-security-web</artifactId>
     	<version>${org.springframework-version}</version>
     </dependency>
    I am using the Spring Tool Suite 3.1.0.

    I've packed an example project to better show you my problem. You can test the normal authentification with /auth and the PreAuthorize with /preauth. User: test - Password: 123

    Hope you can help me and thanks in advance.

    Regards

  • #2
    Please use the forum search as this question has been answered before...

    Move your global-method-security element to the context file containing/scanning your controllers. (I suggest a read of chapter 3 of the spring reference guide). Bean(Factory)PostProcessors will only operate on beans in the same application context, my guess is your security.xml is loaded by the ContextLoaderListener and your controller by the DispatcherServlet (both create an applicationcontext).

    Comment

    Working...
    X