开发者

Spring Security - @Secured not securing a method

开发者 https://www.devze.com 2023-02-25 11:37 出处:网络
Trying to write a simple proof of concept based around method security using spring security. But simple application I have written won\'t seem to pick up the @Secured annotation on a method.

Trying to write a simple proof of concept based around method security using spring security. But simple application I have written won't seem to pick up the @Secured annotation on a method.

<beans:bean id="hello" class="org.testing.Hello">
    <beans:property name="name" value="Bob" />
</beans:bean>

<global-method-security secured-annotations="enabled" access-decision-manager-ref="accessDecisionManager"/>

<authentication-manager alias="_authenticationManager">
<authentication-provider>
    <user-service>
        <user password="password" name="me" authorities="ROLE_A"/>
        <user password="password" name="notMe" authorities="ROLE_B"/>
    </user-service>
</authentication-provider>
</authentication-manager>

My secured method is defined as follows (I have tried securing the actual method implementation as well as getting rid of the interface all together)

public interface IHello {

@Secured("ROLE_C")
public void greet();

}

I am using spring security 3.0.4

Using a unit test to load the context file (only one context file in the application) and call the method:

AuthenticationManager authManager = (AuthenticationManager) factory.getBean("_authenticationManager");

UsernamePasswordAuthenticationToken login = new UsernamePasswordAuthenticationTo开发者_如何学运维ken("me", "password");
       SecurityContextHolder.getContext().setAuthentication(authManager.authenticate(login));

Hello hello = (Hello) factory.getBean("hello");
hello.greet();

But it does not seem to be identifying the annotation on the greet method. Any help would be greatly appreciated (I am new to spring and spring security)

0

精彩评论

暂无评论...
验证码 换一张
取 消