-1
我試圖使用preAuthorize來保護網址。只有在課程中註冊的人才可以訪問課程。這裏是我的代碼:@PreAuthorize不工作在控制器上使用
控制器:
@Controller
@RequestMapping(value = "/course/{courseId}")
@PreAuthorize("@userService.isCurrentUserinCourse(authentication, courseId)")
public class SyllabusController {
@RequestMapping(value = { "/syllabus" }, method = RequestMethod.GET)
public ModelAndView syllabusPage(@PathVariable("courseId") int courseId) {
...}
UserServiceImpl:
@Service("userService")
public class UserServiceImpl implements UserService {
@Autowired
private UserDAO userDAO;
@Override
public boolean isUserinCourse(int userId, int courseId) {
return userDAO.isUserinCourse(userId, courseId);
}
@Override
public boolean isCurrentUserinCourse(Authentication authentication, int courseId) {
if (!(authentication instanceof AnonymousAuthenticationToken)) {
return isUserinCourse(((UserModel) authentication.getPrincipal()).getId(), courseId);
}
return false;
}
彈簧security.xml文件:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<global-method-security pre-post-annotations="enabled" />
<!-- enable use-expressions -->
<http auto-config="true" use-expressions="true">
我們我去/場/ {ID }/syllabus沒有登出,它顯示了它不應該在的頁面。並且調試不會進入UserServiceImpl中的isCurrentUserinCourse(認證認證,int courseId)方法。 其中
重新閱讀手冊:http://docs.spring.io/spring-security/site/docs/3.0.x/reference/el-access.html#el-pre-post-annotations (不是t他目前的版本,但它仍然適用) – 2016-12-06 18:17:13
另請參閱http://stackoverflow.com/questions/32156407/preauthorize-is-not-working-what-could-be-the-problems?rq=1 – 2016-12-06 18:19:29