如何在Spring Security中添加@secure注释

Question

如何在控制器的方法中添加@Secure注释并使其运行？ 现在，当我运行它时，出现了如下异常：

org.springframework.beans.factory.BeanCreationException：在文件[C：\\ workspace \\ sts \\ springsource \\ vfabric-tc-server-developer-2.6.1.RELEASE \\ spring-insight-instance中创建名称为'companyController'的bean时出错\\\\ wtpwebapps \\ BillingEngine \\ WEB-INF \\ classes \\ com \\ sesami \\ common \\ management \\ web \\ controller \\ CompanyController.class]：Bean初始化失败； 嵌套的异常是org.springframework.aop.framework.AopConfigException：意外的AOP异常； 嵌套异常是org.springframework.beans.factory.BeanCreationException：创建名称为org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor＃0'的bean时出错：在设置bean属性“ accessDecisionManager”时无法解析对bean“ accessDecisionManager”的引用'; 嵌套的异常是org.springframework.beans.factory.NoSuchBeanDefinitionException：没有在org.apache.catalina.core.StandardContext $ 1处定义名为``accessDecisionManager''的bean org.apache.catalina.core.StandardContext.listenerStart（StandardContext.java:4723） .call（java.lang.Thread.run处的StandardContext.java（未知源）原因：org.springframework.aop.framework.AopConfigException：意外的AOP异常；嵌套的异常是org.springframework.beans.factory.BeanCreationException：创建错误名称为“ org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor＃0”的bean：设置bean属性“ accessDecisionManager”时无法解析对bean“ accessDecisionManager”的引用；嵌套异常位于... 19另外

我有春季安全.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:context="http://www.springframework.org/schema/context"
    xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.xsd">

<global-method-security secured-annotations="enabled">
<!-- 
<protect-pointcut access="ROLE_ADMIN"
        expression="execution(* com.sesami.common.management.web.controller.AdminController.*(..))" />
         -->
</global-method-security>

<!-- URL pattern based security -->
<http auto-config="false" entry-point-ref="authenticationEntryPoint"
    use-expressions="true">
    <custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" />
    <intercept-url access="hasRole('ROLE_ADMIN')" pattern="/common/admin/**" />
    <intercept-url pattern="/common/accounting/**" access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/common/billing/**" access="hasRole('ROLE_COMPANY')" />
    <logout logout-success-url="/" logout-url="/logout"/>

</http>.........

在控制器中我这样添加

@Secure("ROLE_ADMIN")
@RequestMapping(value = "/common/admin/addAdmin", method = RequestMethod.GET)
    public String add(ModelMap map) {
        map.addAttribute(new Administrator());
        return "/common/admin/addAdmin";
    }

我需要配置或导入某些类吗？

Answer 1

Cannot resolve reference to bean 'accessDecisionManager' while setting bean property 'accessDecisionManager'; nested exception is
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'accessDecisionManager' is defined 

Spring应该为您创建一个默认的accessDecisionManager，但似乎没有发生，这可能是由于某些配置问题所致。 只是踢一下，如果在http配置中将auto-config设置为true，会发生什么？

Answer 2

<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased" xmlns="http://www.springframework.org/schema/beans">
    <constructor-arg>
        <list>
            <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
            <bean class="org.springframework.security.access.vote.RoleVoter" />
            <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
        </list>
    </constructor-arg>
</bean>

您必须定义此bean。