2011-09-20 99 views
2

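Spring Security 3.1 + JSF 2.0: problem with annotated methods in ManagedBeans?

Hi. What I want to do is integrate Spring Security with a JSF + Spring IoC + Hibernate application. I managed to set up the login page and filter some other pages. So far so good, but when I tried to annotate methods inside a managedBean with @Secured or @PreAuthorize (the annotations work in the DAOs), I realized they do nothing. I have read that I need to FORCE class proxies. Spring uses proxy-based AOP, and the managed bean implements an interface, so a JDK dynamic proxy is used instead of a class proxy. So I did this in my config file: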

<beans xmlns="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd   
http://www.springframework.org/schema/aop 
    http://www.springframework.org/schema/aop/spring-aop-3.0.xsd"> 

<aop:aspectj-autoproxy proxy-target-class="true"/> 
<!-- the rest of the beans -->
</beans> 

The applicationContext security XML looks like this:

<?xml version="1.0" encoding="UTF-8"?> 

<!-- - Sample namespace-based configuration - - $Id: applicationContext-security.xml 
3019 2008-05-01 17:51:48Z luke_t $ --> 

<beans:beans xmlns="http://www.springframework.org/schema/security" 
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation="http://www.springframework.org/schema/beans 
     http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
     http://www.springframework.org/schema/security 
     http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 

<global-method-security secured-annotations="enabled" jsr250-annotations="enabled"/> 

<http pattern="/css/**" security="none" /> 
<http pattern="/pages/login.xhtml" security="none" /> 

<http auto-config='false'> 
    <intercept-url pattern="/pages/customer/**" access='ROLE_SITE_ADMIN' /> 
    <intercept-url pattern="/pages/department/overhead*" access='ROLE_SITE_ADMIN' /> 
    <intercept-url pattern="/**" 
     access='ROLE_SITE_ADMIN,ROLE_PROJECT_MANAGER,ROLE_DEPARTMENT_MANAGER,ROLE_ACCOUNTING' /> 
    <form-login login-page="/pages/login.xhtml" 
     default-target-url='/pages/reports.xhtml' always-use-default-target='true' 
     authentication-failure-handler-ref="userLoginService" /> 
    <logout invalidate-session="true" logout-success-url="/pages/login.xhtml"/> 
</http> 

<authentication-manager> 
    <authentication-provider user-service-ref='userLoginService'> 
     <password-encoder hash="md5" /> 
    </authentication-provider> 
</authentication-manager> 

<beans:bean id="userLoginService" class="com.evozon.demo.bean.SecureLoginService"> 
    <beans:property name="defaultFailureUrl" value="/pages/login.xhtml" /> 
    <beans:property name="userDao" ref="userDao" /> 
    <beans:property name="loginReportDao" ref="loginReportDao" /> 
</beans:bean> 
</beans:beans> 

Can anyone tell me why the annotations don't work inside a managed bean, and how to solve the problem? For example:

@PreAuthorize("ROLE_PROJECT_MANAGER") 
public void aproveVacation(Vacation vacation) {...} 

THX

Answer

0

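The problem has been solved. The solution is to turn the managed beans into Spring beans. Here is how:
In web.xml the JSF listeners are not needed, only the Spring ones: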

<listener> 
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
</listener> 
<listener> 
    <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class> 
</listener> 

The application context needs this configuration in the first place to work:

<beans xmlns="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop" 
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context" 
xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd   
http://www.springframework.org/schema/aop 
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd 
http://www.springframework.org/schema/tx 
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd 
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd"> 


<context:component-scan base-package="com.company.demo.bean" /> 
<context:annotation-config /> 
<aop:config proxy-target-class="true" /> 
<!-- other configs -->
</beans>  

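Note that the first two are needed to define the base package for the Spring beans (for components) and to enable annotations on the beans. The third config is needed to force class proxying; here is why you need that.
OK. Once we know that, we change the annotations from JSF managed beans to Spring components: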

@ManagedBean 
@SessionScoped 
public class UserLoginBean { 

@ManagedProperty(name = "userDao", value = "#{userDao}") 
private UserDao userDao; 
} 

to:

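import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;

// Spring-managed replacement for the JSF managed bean, so Spring can proxy it
@Component
@Scope("session")
@Qualifier("userLoginBean")
public class UserLoginBean {

    // Injected by Spring instead of JSF's @ManagedProperty
    @Autowired
    private UserDao userDao;
}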

That's all. If you already have this configuration and it doesn't work, you should set <aop:config proxy-target-class="true" /> in your applicationContext.xml.
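
An added configuration example, not part of the original question or answer: apart from the proxying fix, the posted `<global-method-security>` element enables only `@Secured` and the JSR-250 annotations, so the `@PreAuthorize` from the question also needs the setting below. It assumes the beans are Spring-managed as described in the answer and that this file is loaded into the same application context as those beans.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- As posted in the question: only @Secured and the JSR-250 annotations
         (@RolesAllowed and friends) are processed; @PreAuthorize is not.
    <global-method-security secured-annotations="enabled" jsr250-annotations="enabled"/>
    -->

    <!-- Adjusted: pre-post-annotations turns on @PreAuthorize/@PostAuthorize,
         and proxy-target-class requests class-based proxies for the security
         advice. The element only affects beans defined in the application
         context that contains it. -->
    <global-method-security pre-post-annotations="enabled"
        secured-annotations="enabled"
        jsr250-annotations="enabled"
        proxy-target-class="true"/>

    <!-- The @PreAuthorize value must then be a SpEL expression, for example
         @PreAuthorize("hasRole('ROLE_PROJECT_MANAGER')")
         or, with the annotation type the posted config already enables,
         @Secured("ROLE_PROJECT_MANAGER") -->
</beans:beans>
```

A quick way to confirm enforcement is to call the annotated method as a user without the role and check that Spring Security raises AccessDeniedException.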