如何在spring security中添加@secure注解
如何在控制器的方法中添加@Secure注解并使其运行? 现在,当我运行它时,出现如下异常:
org.springframework.beans.factory.BeanCreationException:创建文件中定义的名为“companyController”的 bean 时出错[C:\workspace\sts\springsource\vfabric-tc-server-developer-2.6.1.RELEASE\spring-insight-instance\wtpwebapps\BillingEngine\WEB-INF\classes\com\sesami\common\management\web\ [controller\CompanyController.class]: bean 初始化失败;嵌套异常是org.springframework.aop.framework.AopConfigException:意外的AOP异常;嵌套异常是org.springframework.beans.factory.BeanCreationException:创建名为“org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor#0”的bean时出错:设置bean属性“accessDecisionManager”时无法解析对bean“accessDecisionManager”的引用';嵌套异常是 org.springframework.beans.factory.NoSuchBeanDefinitionException:未定义名为“accessDecisionManager”的 bean org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4723) 在 org.apache.catalina.core.StandardContext$1.call(StandardContext.java 在 java.lang.Thread.run(来源未知) 引起原因:org.springframework.aop.framework.AopConfigException:意外的AOP异常;嵌套异常是org.springframework.beans.factory.BeanCreationException:创建名为“org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor#0”的bean时出错:设置bean属性“accessDecisionManager”时无法解析对bean“accessDecisionManager”的引用';嵌套异常位于... 19 更多
我有 spring security .xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:context="http://www.springframework.org/schema/context"
xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<global-method-security secured-annotations="enabled">
<!--
<protect-pointcut access="ROLE_ADMIN"
expression="execution(* com.sesami.common.management.web.controller.AdminController.*(..))" />
-->
</global-method-security>
<!-- URL pattern based security -->
<http auto-config="false" entry-point-ref="authenticationEntryPoint"
use-expressions="true">
<custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" />
<intercept-url access="hasRole('ROLE_ADMIN')" pattern="/common/admin/**" />
<intercept-url pattern="/common/accounting/**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/common/billing/**" access="hasRole('ROLE_COMPANY')" />
<logout logout-success-url="/" logout-url="/logout"/>
</http>.........
在控制器中我添加这样的内容
@Secure("ROLE_ADMIN")
@RequestMapping(value = "/common/admin/addAdmin", method = RequestMethod.GET)
public String add(ModelMap map) {
map.addAttribute(new Administrator());
return "/common/admin/addAdmin";
}
我需要配置或导入一些类吗?
how to add @Secure annoatation in controller's method and make it run?
Now when I run it the got the exception like :
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'companyController' defined in file [C:\workspace\sts\springsource\vfabric-tc-server-developer-2.6.1.RELEASE\spring-insight-instance\wtpwebapps\BillingEngine\WEB-INF\classes\com\sesami\common\management\web\controller\CompanyController.class]: Initialization of bean failed; nested exception is org.springframework.aop.framework.AopConfigException: Unexpected AOP exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor#0': Cannot resolve reference to bean 'accessDecisionManager' while setting bean property 'accessDecisionManager'; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'accessDecisionManager' is defined
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4723)
at org.apache.catalina.core.StandardContext$1.call(StandardContext.java
at java.lang.Thread.run(Unknown Source)
Caused by: org.springframework.aop.framework.AopConfigException: Unexpected AOP exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor#0': Cannot resolve reference to bean 'accessDecisionManager' while setting bean property 'accessDecisionManager'; nested exception is at ... 19 more
I have spring security .xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:context="http://www.springframework.org/schema/context"
xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<global-method-security secured-annotations="enabled">
<!--
<protect-pointcut access="ROLE_ADMIN"
expression="execution(* com.sesami.common.management.web.controller.AdminController.*(..))" />
-->
</global-method-security>
<!-- URL pattern based security -->
<http auto-config="false" entry-point-ref="authenticationEntryPoint"
use-expressions="true">
<custom-filter ref="authenticationFilter" position="FORM_LOGIN_FILTER" />
<intercept-url access="hasRole('ROLE_ADMIN')" pattern="/common/admin/**" />
<intercept-url pattern="/common/accounting/**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/common/billing/**" access="hasRole('ROLE_COMPANY')" />
<logout logout-success-url="/" logout-url="/logout"/>
</http>.........
And in controller i add like this
@Secure("ROLE_ADMIN")
@RequestMapping(value = "/common/admin/addAdmin", method = RequestMethod.GET)
public String add(ModelMap map) {
map.addAttribute(new Administrator());
return "/common/admin/addAdmin";
}
Do i need to config or import some class?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
Spring 应该为您创建一个默认的 accessDecisionManager,但看起来这并没有发生,可能是由于某些配置问题。只是为了好玩,如果您在 http 配置中将 auto-config 设置为 true 会发生什么?
Spring should be creating a default accessDecisionManager for you, but it looks like that isn't happening, probably due to some configuration issue. Just for kicks what happens if you set auto-config to true in your http config?
你必须定义这个bean。
you must define this bean.