个人中心
gpt4 book ai didi

spring-mvc - @PreAuthorize 不适用于 Spring Security 4

转载 作者:行者123 更新时间:2023-12-01 06:08:40 25 4
gpt4 key购买 nike

我遇到了 @PreAuthorize 的问题注解。有两件事要做。

  • 检索所有员工应由具有 USER 权限的人员完成或 ADMIN .
  • 删除员工应该由只有权限的人来完成 ADMIN .
    我需要通过 spring-security-4 使用方法级授权.

    • Project_explorer_view

    用户.java 
    package com.nikunj.SpringMethodLevelAuthorization;
    public class user {
        int id;
        String firstName;
        String type;

        public user(int id, String firstName, String type){
            this.id = id;
            this.firstName = firstName;
            this.type = type;
        }
        public int getId() {
            return id;
        }
        public void setId(int id) {
            this.id = id;
        }
        public String getFirstName() {
            return firstName;
        }
        public void setFirstName(String firstName) {
            this.firstName = firstName;
        }
        public String getType() {
            return type;
        }
        public void setType(String type) {
            this.type = type;
        }
    }

    用户服务.java 
    package com.nikunj.SpringMethodLevelAuthorization;
    import java.util.Vector;
    import org.springframework.security.access.prepost.PreAuthorize;
    public interface userService {
        @PreAuthorize("hasRole('ADMIN')")
        public void deleteUser(int id);

        @PreAuthorize("hasRole('ADMIN') or hasRole('USER')")
        public Vector<user> getAllUsers();
    }

    用户实现.java 
    package com.nikunj.SpringMethodLevelAuthorization;
    import java.util.Vector;
    public class userImplementation implements userService {
        Vector<user> users; 
        public userImplementation(){
            users = new Vector<user>();
            users.add(new user(1,"Nikunj","SE"));
            users.add(new user(2,"Abdul","SSE"));
            users.add(new user(3,"Mrinal","LSE"));
            users.add(new user(4,"Anurag","SE"));
            users.add(new user(5,"Naresh","LSE"));
            users.add(new user(6,"Mahesh","SE"));
        }

        public user findById(int id){
            for(user u : users){
                if(u.getId()==id){
                    return u;
                }
            }
            return null;
        }

        public Vector<user> getAllUsers(){
            return users;
        }

        public void deleteUser(int id){
            user u = findById(id);
            users.remove(u);
        }
    }

    homeController.java 
    package com.nikunj.SpringMethodLevelAuthorization;

    import java.util.Vector;

    import org.springframework.stereotype.Controller;
    import org.springframework.ui.Model;
    import org.springframework.web.bind.annotation.PathVariable;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    @Controller
    public class HomeController {
        userImplementation ui=new userImplementation();
        Vector<user> users;

        @RequestMapping(value = { "/users" },method = RequestMethod.GET)
        public String getAllUsers(Model model) {
            System.out.println("in getAll()");
            users=ui.getAllUsers();
            model.addAttribute("users", users);
            return "allUsers";
        }


        @RequestMapping(value = { "/delete/{id}" }, method = RequestMethod.GET)
        public String deleteUser(@PathVariable int id,Model model){
            System.out.println("in delete()");
            ui.deleteUser(id);
            users=ui.getAllUsers();
            model.addAttribute("users", users);
            return "allUsers";  
        }   
    }

    调度程序-servlet.xml 
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/mvc"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:context="http://www.springframework.org/schema/context"
        xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
            http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
            http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
        <!-- Enables the Spring MVC @Controller programming model -->
        <annotation-driven />

        <!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory -->
        <resources mapping="/resources/**" location="/resources/" />

        <!-- Resolves views selected for rendering by @Controllers to .jsp resources in the /WEB-INF/views directory -->
        <beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
            <beans:property name="prefix" value="/WEB-INF/views/" />
            <beans:property name="suffix" value=".jsp" />
        </beans:bean>

        <context:component-scan base-package="com.nikunj.SpringMethodLevelAuthorization" />
    </beans:beans>

    Spring 安全.xml 
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd">

        <http auto-config="true">
            <intercept-url pattern="/" access="hasRole('USER') or hasRole('ADMIN')" />
        </http> 

        <!-- Eable method level security -->
        <global-method-security pre-post-annotations="enabled"/>    

        <authentication-manager>
            <authentication-provider>
                <user-service>
                    <user name="abdul" password="root123" authorities="ROLE_ADMIN"/>
                    <user name="nikunj" password="secret" authorities="ROLE_USER"/>
                </user-service>
            </authentication-provider>
        </authentication-manager>
    </beans:beans>

    web.xml 
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
                            http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

        <!-- Processes application requests -->
        <servlet>
            <servlet-name>dispatcher</servlet-name>
            <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
            <load-on-startup>1</load-on-startup>
        </servlet>

        <servlet-mapping>
            <servlet-name>dispatcher</servlet-name>
            <url-pattern>/</url-pattern>
        </servlet-mapping>

        <!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
                         /WEB-INF/dispatcher-servlet.xml
                         /WEB-INF/spring-security.xml
            </param-value>
        </context-param>

        <!-- Creates the Spring Container shared by all Servlets and Filters -->
        <listener>
            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>

        <!-- Spring Security Configuration -->
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>

        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
    </web-app>

    最佳答案

    将 userImplementation 作为 Spring bean 并通过注解或在 xml 中定义将其注入(inject) HomeController。

    <beans:bean name="userService" class="com.nikunj.SpringMethodLevelAuthorization.userImplementation" />

    或者 
    @Service
    public class userImplementation implements userService {
    ....
    ....
    }

    然后在 HomeController 中 Autowiring 它。 
    @Controller
    public class HomeController {
        //userImplementation ui=new userImplementation();
        @Autowired
        UserService ui;
     ......
     ......
    }

    关于spring-mvc - @PreAuthorize 不适用于 Spring Security 4,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34740480/

    25 4 0
    文章推荐: jQuery 脚本在 IE 中花费太多时间
    文章推荐: java - Eclipse Luna,Google Web Kit - 创建 GWT RemoteService
    文章推荐: java - 具有参数 PersistentEntityResourceAssembler 的 RestController 的 JUnit
    文章推荐: jquery 动画浏览器窗口
    行者123
    个人简介

    我是一名优秀的程序员,十分优秀!

    滴滴打车优惠券免费领取
    滴滴打车优惠券
    全站热门文章
    Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
    广告合作:1813099741@qq.com 6ren.com