[Spring-Flex] [ACEGI]错误或没有安全性
[英][Spring-Flex][ACEGI] Error or no security
问题描述
As I say in the title of my question, I don't succeed in configuring Spring Security... I've followed two articles written by James Ward or Jettro Coenradie but I still don't have it ! 
正如我在问题标题中所说的那样,我没有成功配置Spring Security ...我关注了James Ward或Jettro Coenradie撰写的两篇文章,但我仍然没有!
First I tried to make all this working in a fake project, and it worked well, thant I tried in the "real" project. 首先,我试图在一个假项目中使所有这些工作正常进行,然后又在“真实”项目中尝试了。 The configuration files are exactly the same regarding Spring Security, but the real project fails. 关于Spring Security,配置文件完全相同,但是实际项目失败。
My config In web.xml : 我在web.xml中的配置:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/config/applicationContext.xml</param-value>
</context-param>
...
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
...
<servlet>
<servlet-name>Spring MVC Servlet Dispatcher</servlet-name>
<display-name>Spring MVC Servlet Dispatcher</display-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/config/webApplicationContext.xml</param- value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
In applicationContext.xml : 在applicationContext.xml中:
<security:global-method-security secured-annotations="enabled" jsr250-annotations="enabled" />
<security:http entry-point-ref="preAuthenticatedEntryPoint">
<security:anonymous enabled="false"/>
</security:http>
<bean id="preAuthenticatedEntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="arnaud" password="arnaud" authorities="ROLE_USER"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
In webApplicationContext.xml ceci : 在webApplicationContext.xml ceci中:
<flex:message-broker>
<flex:secured />
</flex:message-broker>
And in each bean service : 在每个bean服务中:
<security:intercept-methods>
<security:protect method="*" access="ROLE_USER" />
</security:intercept-methods>
First I tried to replace this last piece of code by annotations @Secured("ROLE_USER"), which didn't work, that's why I used the security:intercept-methods and security:protect tags. 首先,我尝试用注解@Secured(“ ROLE_USER”)替换最后一段代码,该注释无效,这就是为什么我使用了security:intercept-methods和security:protect标记的原因。
In my first fake project, when I launch my flex application (a simple datagrid retrieving a list of products), the products are not loaded and I have a FaultEvent dispatched, so Spring Security works. 在我的第一个虚假项目中,当我启动flex应用程序(检索产品列表的简单数据网格)时,未加载产品,并且调度了FaultEvent,因此Spring Security可以工作。
In the second project, the real one, I have an error on deploy telling me that "*" (or "findAll" when I tried) is not a valid method name. 在第二个项目(真正的项目)中,我在部署时遇到错误,告诉我“ *”(或尝试时为“ findAll”)不是有效的方法名称。
With 用
<security:protect method="com.blablabla.UserService.findAll" access="ROLE_USER" />
I no longer have this error, and I can launch my flex application. 我不再遇到此错误,并且可以启动我的flex应用程序。
But when I launch it, all my users (yes, in this second application I retrieve users, not products) are loaded in the datagrid ! 但是,当我启动它时,我的所有用户(是的,在第二个应用程序中,我检索的是用户,而不是产品)都加载到了datagrid中! Which means the security doesn't work at all. 这意味着安全性根本不起作用。
It's driving me crazy ! 这让我疯狂 !
1 个解决方案
解决方案1
0 2010-08-08 04:22:08
我本来希望在<security:http>元素中看到一些<security:intercept-url>元素。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.