Java: using @PreAuthorize or @Secured with Jersey when using a configuration class

I have a problem similar to "PreAuthorize annotation doesn't work with jersey". I created a configuration class for Spring Security; authentication works, but authorization does not.

Here is my code:

SpringSecurityConfig.java

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Order(1)
@ComponentScan({"com.foo.rest.resources.Template"})
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    private final UserService userService;
    private final TokenAuthenticationService tokenAuthenticationService;

    public SpringSecurityConfig() {
        super(true);
        this.userService = new UserService();
        tokenAuthenticationService = new TokenAuthenticationService("tooManySecrets", userService);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
            http
                .exceptionHandling().and()
                .anonymous().and()
                .servletApi().and()
                .headers().cacheControl().and()
                .authorizeRequests()
                // Allow anonymous logins
                .antMatchers("/auth/**").permitAll()
                // All other request need to be authenticated
                .anyRequest().authenticated().and()

                // Custom Token based authentication based on the header previously given to the client
                .addFilterBefore(new StatelessAuthenticationFilter(tokenAuthenticationService),
                        UsernamePasswordAuthenticationFilter.class);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService()).passwordEncoder(new BCryptPasswordEncoder());
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Bean
    @Override
    public UserService userDetailsService() {
        return userService;
    }

    @Bean
    public TokenAuthenticationService tokenAuthenticationService() {
        return tokenAuthenticationService;
    }
}

Template.java

@Component
@Path("/template")
@Produces(MediaType.APPLICATION_JSON)
public class Template {

    @GET
    @Secured("ROLE_EDITOR")
    public User getTemplate() {
        return new Template();
    }
}

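My guess is that authentication is handled in the filter chain, but it never comes back around after the authorization tag is reached. Any idea how to make this work?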


1 answer

  1. # Answer 1

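    I think your @ComponentScan is configured incorrectly and is not picking up the Template resource properly.

    According to the @ComponentScan documentation, the value is an alias for basePackages, but you have given a class rather than a package. Try changing it to the following and see: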

    @ComponentScan({"com.foo.rest.resources.*"})
    

    Also make sure you have not missed any steps in the Jersey Spring integration, as described in the documentation.