Announcement Announcement Module
Collapse
No announcement yet.
Spring security 3.0.2 annotation didn't work in normal application. Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring security 3.0.2 annotation didn't work in normal application.

    I'am testing spring security 3.0.2 for my project. I would to use annotation to protected method. But the annotation is no effect.

    I use two seperate configure file

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation=
    	"http://www.springframework.org/schema/beans
    	http://www.springframework.org/schema/beans/spring-beans.xsd
    	">
      <import resource="SecurityContext.xml" />
    </beans>
    and the SecurityContext.xml

    Code:
    <beans xmlns="http://www.springframework.org/schema/beans"
      xmlns:security="http://www.springframework.org/schema/security"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.springframework.org/schema/beans
              http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
              http://www.springframework.org/schema/security
              http://www.springframework.org/schema/security/spring-security-3.0.xsd">
      
      <bean id="AuthenticationProvider" class="test.system.security.AuthenticationProvider" />
      
      <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider ref="AuthenticationProvider" />
      </security:authentication-manager>
      
      
      <bean id="AccessDecisionManager" 
      	class="test.system.security.AccessDecisionManager" />
      <bean id="expressionEvaluator" 
      	class="test.system.security.PermissionEvaluator" />  
      
      <bean id="expressionHandler"
          class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
            <property name="permissionEvaluator" ref="expressionEvaluator"/>
      </bean>
      
      <security:global-method-security 
      	access-decision-manager-ref="AccessDecisionManager"
      	pre-post-annotations="enabled">
        <security:expression-handler ref="expressionHandler"/>
        
      </security:global-method-security>
    </beans>
    According to document, Just only setting pre-post-annotations="enabled" in golbal-method-security I can use @PreAuthorized , @PreFilter ,@PostAuthorize and @PostFilter in my program.

    I implemented GrantedAuthority with getAuthority() which return "Charger" an put in the implementation of Authentication method getAuthorties Collection<GrantedAuthority>.
    After authenticate by AuthenticationManger I put authentication with SecurityContextHolder.getContext.setAuthentication ( authentication).

    After set authenticate I run my own bussiness model.
    The target class like this.
    Code:
    public class Target{
      @PreAuthorize("hasRole('Charger')")
      public void process(){
        ...
      }
    }
    And then I call process(). The process method is invoker. It's may right.
    But I fill any other string in PreAuthorize value the process still be invoker normally.

    The AccessDecisionManager is also not to take any effect.

    Did I miss any setting about annotation initialize?
    I tried context:annotation-config element it's no effect.

  • #2
    It's solved.

    I didn't put the target class instance in IOC container....

    Comment

    Working...
    X