[英]spring session scope form is null when using @Secured
When use @Secured annotation, form(controller's member and session scope) become null.使用@Secured 注解时,form(controller's member and session scope) 变为null。
Form.java表单.java
@Component
@Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
public class Form {
//members...
}
Controller.java控制器.java
@Controller
public class Controller {
@Autowired
private Form form;
@ModelAttribute("form")
private Form initForm(Principal principal) {
return form;
}
@RequestMapping(value = "/someAction", method = { RequestMethod.POST })
@Secured("hasRole('ROLE_CHILD')")
public String someAction(Principal principal) {
return "/some"
}
}
some.html(with thymeleaf) some.html(带有百里香叶)
<!-- display when form is NOT null -->
<span th:if="${form}">form is NOT null</span>
<!-- display when form is null -->
<span th:unless="${form}">form is null</span>
I browse "/someAction", then "form is null" is displayed.我浏览“/someAction”,然后显示“表单为空”。
and change Controller#someAction(Principal) code like below (delete @Secured annotation)并更改 Controller#someAction(Principal) 代码如下(删除 @Secured 注释)
@RequestMapping(value = "/someAction", method = { RequestMethod.POST })
//@Secured("hasRole('ROLE_CHILD')")
public String someAction(Principal principal) {
return "/some"
}
again browse page, "form is NOT null" is displayed.再次浏览页面,显示“表单不为空”。
if use @PreAuthorize instead of @Secured, it becomes same result.如果使用@PreAuthorize 而不是@Secured,则结果相同。 And Security function supplied by @Secured works fine. @Secured 提供的安全功能工作正常。 I got 403 response.我收到了 403 响应。
Why @Secured make form null?为什么@Secured 使表单为空?
tested on测试
and和
Try changing the scope of initForm method from private to public.尝试将 initForm 方法的范围从私有更改为公共。 – Shinichi Kai You save my day, thanks you ! – Shinichi Kai 你拯救了我的一天,谢谢你!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.