在扩展另一个类的控制器的方法上使用Spring Security注释
[英]Using Spring Security annotation on a method of a controller that extends another class
问题描述
I have very similar spring-security beans configuation to this example . 
我对此示例的 spring-security bean配置非常相似。 The @Secured annotation on controller's methods only function properly if it is on a method of a class that does not subclass another class. 控制器方法上的@Secured注释只有在不是另一个类的子类的方法上才能正常工作。 In other words, this following code does not work (an exception raised during the bean initializtion): 换句话说,以下代码不起作用(在bean初始化期间引发的异常):
@Controller
@RequestMapping("/systeminfo")
public class SystemInfoController extends AbstractViewableController {
@RequestMapping(method = RequestMethod.GET, value = "/")
@Secured("ROLE_USER") // an exception below was raised
public void view(HttpServletRequest request) {
}
}
Here is the exception: 这是一个例外:
org.springframework.beans.factory.BeanCreationException: Error creating bean wit
h name 'systemInfoController' defined in file [C:\workspace\my\my-webapp
\target\classes\my\webapp\controller\SystemInfoController.class]: Initializa
tion of bean failed; nested exception is org.springframework.aop.framework.AopCo
nfigException: Could not generate CGLIB subclass of class [class my.webapp.c
ontroller.SystemInfoController]: Common causes of this problem include using a f
inal class or a non-visible class; nested exception is net.sf.cglib.core.CodeGen
erationException: java.lang.RuntimeException-->RequestMapping annotation cannot
be found on my.webapp.controller.SystemInfoController$$EnhancerByCGLIB$$e99f
e366
So I follow the instruction here and add proxy-target-class="true" to <global-method-security ...> (Not sure if it is related) but the security aspect is still lost. 所以我按照这里的说明将proxy-target-class="true"到<global-method-security ...> (不确定它是否相关)但安全方面仍然丢失。 However, if the superclass is removed, then the security get applied properly, ie forward to login page. 但是,如果删除了超类,则正确应用安全性,即转发到登录页面。
Does anyone know what is going on and how to fix the problem when the controller needs to extend another class? 当控制器需要扩展另一个类时,有谁知道发生了什么以及如何解决问题?
2 个解决方案
解决方案1
0 2011-11-24 05:40:53
Have you enabled secured-annotations in your security.xml file 您是否在security.xml文件中启用了安全注释
<global-method-security secured-annotations="enabled" />
Moreover, these annotations only work for Spring beans. 而且,这些注释仅适用于Spring bean。 You need to inject these beans rather than just creating normal instances. 您需要注入这些bean而不仅仅是创建普通实例。 Try using Spring Dependency Injection. 尝试使用Spring Dependency Injection。
解决方案2
0 已采纳 2011-11-29 15:54:16
This is highly probably a bug in spring bean factory, spring annotation scanner or the the generation of subclass using CGLIB. 这很可能是spring bean工厂,spring注释扫描程序或使用CGLIB生成子类的错误。 Spring should not scan the annotation on the subclasses that are generated by CGLIB directly since they are lost. Spring不应该直接扫描CGLIB生成的子类上的注释,因为它们会丢失。 It should scan its target class. 它应该扫描其目标类。 In this case, it tried to scan @ResquestMapping on my.webapp.controller.SystemInfoController$$EnhancerByCGLIB$$e99fe366 . 在这种情况下,它试图扫描@ResquestMapping上my.webapp.controller.SystemInfoController$$EnhancerByCGLIB$$e99fe366 。
However, since the whole thing works if SystemInfoController doesn't extend an abstrat class. 但是,如果SystemInfoController没有扩展一个abstrat类,那么整个过程就可以了。 It indicates that the annotation may be lost only when the controller is a subclass which suggests that this may be a bug in generating proxy subclass or a limitation of CGLIB. 它表示只有当控制器是子类时才会丢失注释,这表明这可能是生成代理子类或CGLIB限制的错误。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.