@Secured on Spring controllers and context mess_问答_开发者

@Secured on Spring controllers and context mess

开发者 https://www.devze.com 2023-03-19 19:13 出处：网络

For web MVC I need at least two configs: dispatcher-servlet.xml and applicationContext.xml. I use the following filter for security:

For web MVC I need at least two configs: dispatcher-servlet.xml and applicationContext.xml. I use the following filter for security:

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterPro开发者_Python百科xy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

This filter needs springSecurityFilterChain, defined in applicationContext.xml with <security:http />

However, I want to use @Secured annotation on a @Controller, defined in dispatcher-servlet.xml. Again, this needs <security:http /> - in another context file!

All I'm trying to achieve is security on @Controller level. I don't care about securing deeper layers (@Service etc.) at all since this is the only entry point.

What is my way out of this mess? What am I doing wrong?

To enable security annotations for controllers you only need to add <security:global-method-security ... /> to dispatcher-servlet.xml. Other security-related stuff stays in applicationContext.xml.