2011-09-20

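Spring Security 3.1 + JSF 2.0: problem with annotating methods in managed beans?

Hi. What I want to do is integrate Spring Security with a JSF + Spring IoC + Hibernate application. I managed to set up the login page and filter some other pages. So far so good, but when I tried to annotate methods inside a managed bean with @Secured or @PreAuthorize (the annotations work in the DAOs), I realized they do nothing. I have read that I need to FORCE class proxying. Spring uses proxy-based AOP, and the managed bean implements an interface, so a JDK dynamic proxy is used instead of a class proxy. So I did this in the configuration file: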

<beans xmlns="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd   
http://www.springframework.org/schema/aop 
    http://www.springframework.org/schema/aop/spring-aop-3.0.xsd"> 

<aop:aspectj-autoproxy proxy-target-class="true"/> 
<!-- the rest of the beans -->
</beans> 

The security XML of the application context looks like this:

<?xml version="1.0" encoding="UTF-8"?> 

<!-- - Sample namespace-based configuration - - $Id: applicationContext-security.xml 
3019 2008-05-01 17:51:48Z luke_t $ --> 

<beans:beans xmlns="http://www.springframework.org/schema/security" 
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation="http://www.springframework.org/schema/beans 
     http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
     http://www.springframework.org/schema/security 
     http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 

<global-method-security secured-annotations="enabled" jsr250-annotations="enabled"/> 

<http pattern="/css/**" security="none" /> 
<http pattern="/pages/login.xhtml" security="none" /> 

<http auto-config='false'> 
    <intercept-url pattern="/pages/customer/**" access='ROLE_SITE_ADMIN' /> 
    <intercept-url pattern="/pages/department/overhead*" access='ROLE_SITE_ADMIN' /> 
    <intercept-url pattern="/**" 
     access='ROLE_SITE_ADMIN,ROLE_PROJECT_MANAGER,ROLE_DEPARTMENT_MANAGER,ROLE_ACCOUNTING' /> 
    <form-login login-page="/pages/login.xhtml" 
     default-target-url='/pages/reports.xhtml' always-use-default-target='true' 
     authentication-failure-handler-ref="userLoginService" /> 
    <logout invalidate-session="true" logout-success-url="/pages/login.xhtml"/> 
</http> 

<authentication-manager> 
    <authentication-provider user-service-ref='userLoginService'> 
     <password-encoder hash="md5" /> 
    </authentication-provider> 
</authentication-manager> 

<beans:bean id="userLoginService" class="com.evozon.demo.bean.SecureLoginService"> 
    <beans:property name="defaultFailureUrl" value="/pages/login.xhtml" /> 
    <beans:property name="userDao" ref="userDao" /> 
    <beans:property name="loginReportDao" ref="loginReportDao" /> 
</beans:bean> 
</beans:beans> 

Can anyone tell me why the annotations do not work inside the managed bean, and how to fix the problem? For example:

@PreAuthorize("ROLE_PROJECT_MANAGER") 
public void aproveVacation(Vacation vacation) {...} 

THX

Answer

The problem is solved. The thing is to turn the managed beans into Spring beans. Here is how:
web.xml does not need the JSF listeners, only the Spring ones:

<listener> 
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
</listener> 
<listener> 
    <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class> 
</listener> 

The application context needs this configuration in the first place to work:

<beans xmlns="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop" 
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context" 
xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd   
http://www.springframework.org/schema/aop 
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd 
http://www.springframework.org/schema/tx 
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd 
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd"> 


<context:component-scan base-package="com.company.demo.bean" /> 
<context:annotation-config /> 
<aop:config proxy-target-class="true" /> 
<!-- other configs -->
</beans>  

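Note that the first two are needed to define the base package for Spring beans (for components) and to enable annotations on the beans. The third configuration is needed to force class proxying; here is why you need that.
OK. Once we know that, we change the annotations from JSF managed beans to Spring components: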

@ManagedBean 
@SessionScoped 
public class UserLoginBean { 

@ManagedProperty(name = "userDao", value = "#{userDao}") 
private UserDao userDao; 
} 

to:

@Component 
@Scope("session") 
@Qualifier("userLoginBean") 
public class UserLoginBean { 

@Autowired 
private UserDao userDao; 
}  

That is all. If you already have this configuration and it does not work, you should set <aop:config proxy-target-class="true" /> in your applicationContext.xml.
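
The following added example (not part of the original posts, and not Spring Security's own implementation) uses a plain JDK dynamic proxy to show why a security annotation is enforced only on a bean the container hands out, and is silently ignored on an instance created directly, as JSF does for a @ManagedBean. `RequiresRole`, `VacationService`, `VacationBean` and `secured` are hypothetical names, and the caller's roles are constructed sample data.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.Set;

public class ProxyEnforcementDemo {
    // Hypothetical stand-in for @Secured / @PreAuthorize.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface RequiresRole { String value(); }

    interface VacationService { String approve(String vacation); }

    static class VacationBean implements VacationService {
        @RequiresRole("ROLE_PROJECT_MANAGER")
        public String approve(String vacation) { return "approved " + vacation; }
    }

    // What a container does when it owns the bean: return a proxy that reads
    // the annotation from the target class and checks it before delegating.
    static VacationService secured(VacationService target, Set<String> callerRoles) {
        InvocationHandler h = (proxy, method, args) -> {
            Method impl = target.getClass()
                    .getMethod(method.getName(), method.getParameterTypes());
            RequiresRole r = impl.getAnnotation(RequiresRole.class);
            if (r != null && !callerRoles.contains(r.value())) {
                throw new SecurityException("access denied: needs " + r.value());
            }
            try {
                return method.invoke(target, args);
            } catch (InvocationTargetException e) {
                throw e.getCause(); // surface the bean's own exception
            }
        };
        return (VacationService) Proxy.newProxyInstance(
                VacationService.class.getClassLoader(),
                new Class<?>[] { VacationService.class }, h);
    }

    public static void main(String[] args) {
        Set<String> roles = Set.of("ROLE_ACCOUNTING"); // constructed caller roles
        // Created with 'new', like a JSF-managed bean: no proxy, so no check runs.
        VacationService raw = new VacationBean();
        System.out.println(raw.approve("2011-10-01"));
        // Handed out by the container: the proxy enforces the annotation.
        VacationService proxied = secured(new VacationBean(), roles);
        try {
            proxied.approve("2011-10-01");
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```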