Trying to write a simple proof of concept based around method security using spring security. But simple application I have written won't seem to pick up the @Secured annotation on a method.
<beans:bean id="hello" class="org.testing.Hello">
<beans:property name="name" value="Bob" />
</beans:bean>
<global-method-security secured-annotations="enabled" access-decision-manager-ref="accessDecisionManager"/>
<authentication-manager alias="_authenticationManager">
<authentication-provider>
<user-service>
<user password="password" name="me" authorities="ROLE_A"/>
<user password="password" name="notMe" authorities="ROLE_B"/>
</user-service>
</authentication-provider>
</authentication-manager>
My secured method is defined as follows (I have tried securing the actual method implementation as well as getting rid of the interface all together)
public interface IHello {
@Secured("ROLE_C")
public void greet();
}
I am using spring security 3.0.4
Using a unit test to load the context file (only one context file in the application) and call the method:
AuthenticationManager authManager = (AuthenticationManager) factory.getBean("_authenticationManager");
UsernamePasswordAuthenticationToken login = new UsernamePasswordAuthenticationTo开发者_如何学运维ken("me", "password");
SecurityContextHolder.getContext().setAuthentication(authManager.authenticate(login));
Hello hello = (Hello) factory.getBean("hello");
hello.greet();
But it does not seem to be identifying the annotation on the greet method. Any help would be greatly appreciated (I am new to spring and spring security)
精彩评论