在遷移遺留應用程序的Spring Security我有以下異常:如何在Spring Security中使用自定義角色/權限?
org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainProxy': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainList': Cannot resolve reference to bean '_filterSecurityInterceptor' while setting bean property 'filters' with key [3]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterSecurityInterceptor': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [superadmin]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:480)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
在舊的應用程序有像「超級管理員」,「編輯」,「服務支持」等,但在所有的Spring Security例子角色我只看到像「ROLE_」(「ROLE_ADMIN」等)的角色。當我將「superadmin」重命名爲「ROLE_ADMIN」並僅在配置中使用此角色時,一切正常。
不起作用:
<http auto-config="true">
<intercept-url pattern="/restricted/**" access="superadmin"/>
<form-login
authentication-failure-url="/secure/loginAdmin.do?error=true"
login-page="/secure/loginAdmin.do" />
</http>
作品:
<http auto-config="true">
<intercept-url pattern="/restricted/**" access="ROLE_ADMIN"/>
<form-login
authentication-failure-url="/secure/loginAdmin.do?error=true"
login-page="/secure/loginAdmin.do" />
</http>
可以使用自定義角色的名字呢?
這個[問題](http://stackoverflow.com/questions/283870/acegi-security-how-do-i-add - 另一個授權 - 認證 - 匿名)可能會有所幫助。 – kgiannakakis 2009-06-12 14:29:31