我用spring security保护方法,但好像不起作用
这是我的spring-security的代码<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd"> <security:http auto-config="true">
<security:intercept-url pattern="/index.jsp" filters="none"/>
<security:intercept-url pattern="*.swf" filters="none"/>
<security:intercept-url pattern="*.html" access="ROLE_USER"/>
</security:http>
<security:authentication-provider user-service-ref="userDetailsService" />
<bean id="userDetailsService" class="com.mycompany.flex.security.UserDetailsServiceImpl" />
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider" />
</list>
</property>
</bean>
<bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService" />
</bean>
<!-- access for method --> <security:global-method-security>
<security:protect-pointcut
expression="execution( * com.mycompany.flex.sample.dao.*DAOImpl.search*(..))"
access="ROLE_ADMIN_for"/>
</security:global-method-security>
<!-- <bean id="target" class="com.mycompany.flex.sample.dao.CustomerDAOImpl">
<security:intercept-methods>
<security:protect method="search*" access="ROLE_ADMIN_FOR" />
</security:intercept-methods>
</bean>
-->
<!-- <security:global-method-security secured-annotations="enabled" jsr250-annotations="enabled" /> -->
<!-- access for method -->
<bean id="httpSessionIntegrationFilter"
class="org.springframework.security.context.HttpSessionContextIntegrationFilter" />
</beans> 我的web.xml里主要代码
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/classes/spring-security.xml
</param-value>
</context-param> <filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>在三种给方法设全县的方式中,只有annotations起作用,但要在代码里加东西。其余两种不起作用,不知道是为什么,哪为大侠能帮忙看看,谢谢了!!
这是我的spring-security的代码<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd"> <security:http auto-config="true">
<security:intercept-url pattern="/index.jsp" filters="none"/>
<security:intercept-url pattern="*.swf" filters="none"/>
<security:intercept-url pattern="*.html" access="ROLE_USER"/>
</security:http>
<security:authentication-provider user-service-ref="userDetailsService" />
<bean id="userDetailsService" class="com.mycompany.flex.security.UserDetailsServiceImpl" />
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider" />
</list>
</property>
</bean>
<bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService" />
</bean>
<!-- access for method --> <security:global-method-security>
<security:protect-pointcut
expression="execution( * com.mycompany.flex.sample.dao.*DAOImpl.search*(..))"
access="ROLE_ADMIN_for"/>
</security:global-method-security>
<!-- <bean id="target" class="com.mycompany.flex.sample.dao.CustomerDAOImpl">
<security:intercept-methods>
<security:protect method="search*" access="ROLE_ADMIN_FOR" />
</security:intercept-methods>
</bean>
-->
<!-- <security:global-method-security secured-annotations="enabled" jsr250-annotations="enabled" /> -->
<!-- access for method -->
<bean id="httpSessionIntegrationFilter"
class="org.springframework.security.context.HttpSessionContextIntegrationFilter" />
</beans> 我的web.xml里主要代码
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/classes/spring-security.xml
</param-value>
</context-param> <filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>在三种给方法设全县的方式中,只有annotations起作用,但要在代码里加东西。其余两种不起作用,不知道是为什么,哪为大侠能帮忙看看,谢谢了!!
解决方案 »
- myeclipse导入项目.java文件里面中文乱码,但jsp xml 等文件都没有乱码..
- pager-tablib的问题,有人用过没?
- 请教各位成功的经验
- 关于listener问题,在线急等!!
- 跪请有经验者,老鸟,版主进来看看?
- [求助],在xsl中如何取得当前节点的属性集?
- 解析HTML
- tomcat安装好了,但http://127.0.0.1:8080/admin为空白页!
- 如何在struts-config.xml中设置 <forward name="success" path="关闭页面"/>
- Jbuilder如何生成一个类的stub和skeleton??????
- 调用gdal.jar进行坐标转换时出错,哪位知道请指点下!
- 从Apusic导出的项目用Tomcat配置,怎么做??(急)
我现在也遇到这问题啦,很郁闷!
能帮我说说你是怎么解决的不?
谢谢