java - using @PreAuthorize in Spring Security with roles and rights


I am using Spring Security with user, role, right organizations and the user has been successfully certified and I can use its authorization archive.

I use AJAX to call watch pages and send JSON between the front end and the back end. The problem is that I do not know how to configure my spring-security file, because the @PreAuthorize annotation does not work. My login page is shown when the app loads, and it redirects to the login page in case of a bad certificate, which is sent from the controller in JSON format. If you can help me solve the problem, I would be grateful.

    // @Secured("ROLE_RIGHT_READ_USER_LIST")
    @RequestMapping(value = "/findAll", method = RequestMethod.GET, produces = {"application/json"})
    @ResponseBody
    public String searchChoos(HttpServletRequest request) {

This is my spring-security file content:

    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
            http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-3.2.xsd">

        <global-method-security pre-post-annotations="enabled" secured-annotations="enabled" />

        <http auto-config="true" use-expressions="true">
            <intercept-url pattern="/user/findAll/" access="hasRole('ROLE_RIGHT_READ_USER_LIST')" />
        </http>

        <beans:bean id="jdbcAuthenticationProvider" class="com.my.app.spring.JdbcAuthenticationProvider" />

        <authentication-manager>
            <authentication-provider ref="jdbcAuthenticationProvider" />
        </authentication-manager>
    </beans:beans>

And here's my controller:

    @Controller
    @RequestMapping("/auth")
    public class SquidhaHandler extends Abishhandler {

        @Autowired
        protected UserService userService;

        @Resource(name = "authenticationProvider")
        AuthenticationProvider authenticationProvider;

        @RequestMapping(value = "/login", method = RequestMethod.POST, produces = {"application/json"})
        @ResponseBody
        public String logon(
                @RequestParam(value = "username", required = true) String username,
                @RequestParam(value = "password", required = true) String password,
                HttpServletRequest request) {

            // Authenticate the submitted credentials and store the result in the security context
            Authentication req = new UsernamePasswordAuthenticationToken(username, password);
            Authentication result = authenticationProvider.authenticate(req);
            SecurityContextHolder.getContext().setAuthentication(result);

            UserDetails userDetails = null;
            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
            if (!(auth instanceof AnonymousAuthenticationToken)) {
                userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
                User user = (User) userDetails;
                Collection<? extends GrantedAuthority> ga = userDetails.getAuthorities();
                HttpSession session = request.getSession(true);
                session.setAttribute(SESSION_ATTRIB_USER, user);
                return getJsonSuccessData(user);
            } else {
                return getJsonErrorMsg(ar.getMsg());
            }
        }
    }

OK, I really do not know how you can reference your reference. However, I will paste here a Java-based configuration that I am using:

    import org.aopalliance.intercept.MethodInterceptor;
    import org.springframework.context.annotation.AdviceMode;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.core.annotation.Order;
    import org.springframework.security.access.PermissionEvaluator;
    import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
    import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;

    import com.comilion.fw.app.security.MyPermissionEvaluator;

    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public class GlobalMethodSecurityCtxConfiguration extends GlobalMethodSecurityConfiguration {
    }

If you are using XML based configuration, simply add it to your configuration by using
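Added example, not part of the question or the answer above: a stand-alone check that the Java-based method-security configuration from the answer actually enforces `@PreAuthorize` for the authority named in the question. The class names `PreAuthorizeCheck`, `MethodSecurityConfig` and `UserListService` and the sample data are hypothetical, and the code assumes spring-security-config and spring-security-core (a version that still provides `@EnableGlobalMethodSecurity`) are on the classpath.

```java
import java.util.Arrays;
import java.util.List;
import org.springframework.context.annotation.AnnotationConfigApplicationContext;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;

public class PreAuthorizeCheck {
    // Same switch as in the answer: turns on @PreAuthorize/@PostAuthorize processing.
    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    static class MethodSecurityConfig extends GlobalMethodSecurityConfiguration { }

    // Hypothetical service; the expression uses the authority name from the question.
    static class UserListService {
        @PreAuthorize("hasRole('ROLE_RIGHT_READ_USER_LIST')")
        public List<String> findAll() {
            return Arrays.asList("alice", "bob"); // constructed sample data
        }
    }

    // Calls the secured method as a caller holding exactly the given authorities.
    static boolean allowed(UserListService service, String... authorities) {
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken("test-user", "n/a",
                        AuthorityUtils.createAuthorityList(authorities)));
        try {
            service.findAll();
            return true;
        } catch (AccessDeniedException denied) {
            return false;
        } finally {
            SecurityContextHolder.clearContext(); // do not leak the test identity
        }
    }

    public static void main(String[] args) {
        try (AnnotationConfigApplicationContext ctx = new AnnotationConfigApplicationContext(
                MethodSecurityConfig.class, UserListService.class)) {
            UserListService service = ctx.getBean(UserListService.class);
            System.out.println("with right:    " + allowed(service, "ROLE_RIGHT_READ_USER_LIST"));
            System.out.println("without right: " + allowed(service, "ROLE_USER"));
        }
    }
}
```

If the second call is also reported as allowed, the annotation is not being applied to that bean, which means method security is not enabled in the application context that creates it.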

