Printable View
I just recognized that i have another problem now with my global-method-security definition!
In my old config I used a self implemented class which only added the @secured Annotation if one of the arguments in the method was of class LaufnummerId.
With my configuration now, @secured is added at every method.
Is there a way I can do this with the new configuration? Because the class SecurityAnnotationAttributes doesnt' exist anymore.
regards angela
Point#1: As found in the latest version (Spring Security v2.0.3), this org.springframework.security.annotation.SecurityAn notationAttributes is not supported anymore.Quote:
Originally Posted by Luke Taylor
Point#2: As seen from the url, http://jira.springframework.org/brow...s:all-tabpanel, it is mentioned (by Adam Dyga - 06/May/08 01:34 PM) that " .... MethodDefinitionAttributes class exists, but SecurityAnnotationAttributes doesn't and due to this org.springframework.security.annotation.SecuredMet hodDefinitionSource should be used instead of them. "
But it is NOT mentioned how to use the SecuredMethodDefinitionSource for method level security. It would be better if a detailed example is provided within the documentation. The official documentation seems incomplete.
Point#3: Using <security:annotation-driven/> or, <annotation-driven/ >as mentioned Luke Taylor. But in Spring Security latest version (v2.0.3), this annotation is not found. So it would be better if some concrete solution is provided.
I'm still facing the problem. The @Secured annotation does not work actually.
My suggestion to Luke (or, any other SpringSecurity deveopment team member) is: please provide a complete example for method-based security using the @Secured annotation, this will resolve many problems/queries for members like us. It would be nice if this example includes: a spring-security config file, sample java files with @Secured annotations and specific version of the springsecurity API.
Thanks,
... M. Chisty
Enabling secured annotations is already explained in the manual:
http://static.springframework.org/sp...ethod-security
and the basic tutorial sample is a complete example - it contains code and configuration files which use secured annotations.
MCHISTY
The reason you are not finding the @Secure annotation is down to the JARs you have a dependency on. Taking the example directly from Spring's example, you could use the following dependency (Maven 2):
And you will find that you have access to the annotation. Remember that annotations only exist in JDK 1.5 onwards, hence why the 'spring-security-core-tiger' artifact has them, when the 'spring-security-core' does not.Quote:
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core-tiger</artifactId>
<version>${spring.security.version}</version>
<!-- Bringing in Spring 2.0.8 -->
<exclusions>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-support</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${spring.security.version}</version>
<!-- Bringing in Spring 2.0.8 -->
<exclusions>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-support</artifactId>
</exclusion>
</exclusions>
</dependency>
Apologies about the belated response, I hope it helps.