I'm testing Spring Security 3.0.2 for my project. I would like to use annotations to protect methods, but the annotation has no effect.
I use two separate configuration files.
Code:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
    <import resource="SecurityContext.xml" />
</beans>
and the SecurityContext.xml
Code:
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
    <bean id="AuthenticationProvider" class="test.system.security.AuthenticationProvider" />
    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider ref="AuthenticationProvider" />
    </security:authentication-manager>
    <bean id="AccessDecisionManager" class="test.system.security.AccessDecisionManager" />
    <bean id="expressionEvaluator" class="test.system.security.PermissionEvaluator" />
    <bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
        <property name="permissionEvaluator" ref="expressionEvaluator"/>
    </bean>
    <security:global-method-security access-decision-manager-ref="AccessDecisionManager" pre-post-annotations="enabled">
        <security:expression-handler ref="expressionHandler"/>
    </security:global-method-security>
</beans>
According to the documentation, just setting pre-post-annotations="enabled" in global-method-security lets me use @PreAuthorize, @PreFilter, @PostAuthorize and @PostFilter in my program.
I implemented GrantedAuthority with getAuthority() returning "Charger" and put it in the Collection<GrantedAuthority> returned by getAuthorities() of my Authentication implementation.
After authenticating with the AuthenticationManager I set the authentication with SecurityContextHolder.getContext().setAuthentication(authentication).
After setting the authentication I run my own business model.
The target class looks like this.
Code:
import org.springframework.security.access.prepost.PreAuthorize;

public class Target {
    @PreAuthorize("hasRole('Charger')")
    public void process() {
        // ...
    }
}
And then I call process(). The process method is invoked. That may be right.
But if I put any other string in the PreAuthorize value, the process method is still invoked normally.
The AccessDecisionManager also does not take any effect.
Did I miss any setting for annotation initialization?
I tried the context:annotation-config element; it has no effect.
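
A check a reader could run against this configuration, added here and not part of the original post: `global-method-security` enforces `@PreAuthorize` through a Spring AOP proxy, so the code compares a `Target` obtained from the application context with one created by `new`. The file name `applicationContext.xml`, the bean id `target` and a `<bean id="target" class="Target"/>` declaration in the same context are assumptions, as is CGLIB on the classpath (needed because `Target` implements no interface).

```java
import org.springframework.aop.support.AopUtils;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;

// Added diagnostic, not code from the original post.
// Assumed (not on the page): the importing file is on the classpath as
// "applicationContext.xml" and declares <bean id="target" class="Target"/>.
public class MethodSecurityProxyCheck {

    // True only when the object is a Spring AOP proxy, i.e. an interceptor
    // can evaluate @PreAuthorize before process() is reached.
    static boolean isIntercepted(Object candidate) {
        return AopUtils.isAopProxy(candidate);
    }

    static void report(String label, Object candidate) {
        System.out.printf("%-20s class=%s proxied=%b%n",
                label, candidate.getClass().getName(), isIntercepted(candidate));
    }

    public static void main(String[] args) {
        ApplicationContext ctx =
                new ClassPathXmlApplicationContext("applicationContext.xml");

        // Bean managed by the same context that holds global-method-security.
        Target fromContext = (Target) ctx.getBean("target");

        // Plain instance: the container never sees it, so nothing wraps it.
        Target fromNew = new Target();

        report("bean from context", fromContext);
        report("new Target()", fromNew);
    }
}
```

An object reported as `proxied=false` is called directly, so neither the `@PreAuthorize` expression nor the configured AccessDecisionManager is consulted for it.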


