Spring Security-使用切入点的全局方法安全性不起作用
作者:互联网
我想在我的Web应用程序中应用方法级别的安全性,以便只有授权用户才能访问这些服务层方法.
有两种方法可以实现此目的.
1)使用@Secured批注并在带有配置(< security:global-method-security secure-annotations =“ enabled” />)的dispatcher-servlet.xml文件中批注我的服务层方法.
但这在我的情况下将花费很多时间,因为已经创建了太多的服务类和方法,因此找到方法并对其进行注释将不是一个好方法.
2)为方法级安全性定义切入点表达式,该表达式将自动检测服务中具有我的自定义批注@SecuredAdmin的方法,并使用角色ROLE_ADMIN对其进行保护.
在我的情况下,当我尝试测试时,选项1)工作得很好.而且没有问题.但是,当我尝试使用以下配置进行选项2)时,无法启动我的应用程序.
<security:global-method-security>
<security:protect-pointcut access="ROLE_ADMIN" expression="execution(@com.xxx.yyy.zzz.services.SecuredAdmin * *.*(..))"/>
</security:global-method-security>
尝试启动服务器时出现以下异常.
java.lang.IllegalArgumentException: error annotation type patterns are only supported at Java 5 compliance level or above
org.aspectj.weaver.tools.PointcutParser.parsePointcutExpression(PointcutParser.java:302)
org.aspectj.weaver.tools.PointcutParser.parsePointcutExpression(PointcutParser.java:279)
org.springframework.security.config.method.ProtectPointcutPostProcessor.postProcessBeforeInitialization(ProtectPointcutPostProcessor.java:94)
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:394)
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1448)
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
org.springframework.context.support.AbstractApplicationContext.initMessageSource(AbstractApplicationContext.java:773)
org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:452)
org.springframework.web.servlet.FrameworkServlet.configureAndRefreshWebApplicationContext(FrameworkServlet.java:631)
org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:588)
org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:645)
org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:508)
org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:449)
org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:133)
javax.servlet.GenericServlet.init(GenericServlet.java:160)
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:333)
org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:219)
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1001)
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
java.lang.Thread.run(Unknown Source)
我尝试了所有可能的方法来将pom文件和eclipse项目属性中的代码合规性级别更改为1.6.
我正在使用Spring-Security 3.0,与aspectj相关的库如下.
spring-aop-3.1.0.RELEASE.jar
spring-aspects-3.1.0.RELEASE.jar
Aspectjrt-1.6.5.jar
Aspectjweaver-1.6.5.jar
请在这方面帮助我.询问我是否需要任何进一步的信息.
提前致谢.
解决方法:
您必须将Aspect Weaver配置为使用Java 1.6遵从级别.在构建插件部分中将类似的内容添加到pom.xml中.
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>aspectj-maven-plugin</artifactId>
<version>1.4</version>
<executions>
<execution>
<goals>
<goal>compile</goal>
<goal>test-compile</goal>
</goals>
</execution>
</executions>
<configuration>
<source>1.6</source>
<target>1.6</target>
<encoding>UTF-8</encoding>
<aspectLibraries>
<aspectLibrary>
<groupId>org.springframework</groupId>
<artifactId>spring-aspects</artifactId>
</aspectLibrary>
</aspectLibraries>
</configuration>
</plugin>
标签:spring-aop,spring-security,spring 来源: https://codeday.me/bug/20191031/1977588.html