Announcement Announcement Module
Collapse
No announcement yet.
@Secured({ "ROLE_ADMIN" }) is been ignored Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • @Secured({ "ROLE_ADMIN" }) is been ignored

    Hi,
    I have a javaconfig file that is working fine.
    i debug my application in loading time and i see that the parameter is been transfered.
    Code:
    @Configuration
    public class SpringJavaConfig {	
    	@Bean
    	public BrandsApi brandsApi(){
    		return new BrandsApi();
    	}
    }
    inside BrandsApi I have a method with @Secured({ "ROLE_ADMIN" }) above it

    this is how i call the method:
    Code:
    ApplicationContext ctx = new AnnotationConfigApplicationContext(SpringJavaConfig.class);
    	BrandsApi brandsApi = (BrandsApi)ctx.getBean(BrandsApi.class);
            brandsApi.getAll();
    but for some reason i can get inside even though I have logged in ROLE_EMPLOYEE

    this is my BrandsApi class:
    Code:
    class BrandsApi extends BaseApi{
    	@Secured({ "ROLE_ADMIN" })
    	public void getAll() {
    		System.out.println("Hello");
    	}
    }
    Attached my xml's config.

    Thanks!

  • #2
    Originally posted by fatnjazzy View Post
    Code:
    ApplicationContext ctx = new AnnotationConfigApplicationContext(SpringJavaConfig.class);
    	BrandsApi brandsApi = (BrandsApi)ctx.getBean(BrandsApi.class);
            brandsApi.getAll();
    The ctx object has no knowledge of your Spring Security configuration, so it will not proxy the object. You need to @ImportResource the spring security configuration or use some other means of providing the aspects to secure your object.

    Comment

    Working...
    X