Courses
Sections
Projects
Wiki
News
Forums
Surveys
Mailing Lists| Author | Message |
|---|---|
|
malamma
Posts: 25
|
Posted 20:53 Jun 07, 2012 |
Hey guys, Have any of you gotten PreAuthorize annotations to work in CSNS2? I've added the:
<global-method-security pre-post-annotations="enabled" />
To my security.xml and reloaded the application but for some reason my PreAuthorize annotations are just being ignored.
Thanks |
|
Vanquish39
Posts: 134
|
Posted 20:56 Jun 07, 2012 |
Try this: <global-method-security secured-annotations="enabled" pre-post-annotations="enabled"/> |
|
tloi
Posts: 16
|
Posted 21:03 Jun 07, 2012 |
Maybe you need Maven update dependencies. |
|
malamma
Posts: 25
|
Posted 21:07 Jun 07, 2012 |
Thanks for the suggestions but neither worked. I'm testing them by using this annotation before my viewSite method.
@PreAuthorize("true == false")
The site still shows up.
|
|
Vanquish39
Posts: 134
|
Posted 21:09 Jun 07, 2012 |
Does your http config look like this? <http auto-config="true" use-expressions="true"> |
|
tloi
Posts: 16
|
Posted 21:13 Jun 07, 2012 |
<security:global-method-security pre-post-annotations="enabled" /> |
|
malamma
Posts: 25
|
Posted 21:13 Jun 07, 2012 |
Yup.
Do I need to define some sort of custom filter or url-intercept for it? |
|
malamma
Posts: 25
|
Posted 21:17 Jun 07, 2012 |
I added the following security namespace to the bean definition and then added the security namespace keyword but that doesn't change anything. xmlns:security="http://www.springframework.org/schema/security" |
|
DavidGilbert
Posts: 40
|
Posted 21:54 Jun 07, 2012 |
Having the same problem. I can filter access in the http config to the controllers RequestMappings, but I can't use annotations to stop someone from viewing it. even @PreAuthorize("hasRole('ROLE_INSTRUCTOR')") doesn't work or any basics just to check if someone is logged in. MALAMMA, did you ever figure this out? I looked on stackoverflow and someone mentioned something about their jars being out of sync or something weird like that, but I have no idea how to correct that issue, if that were even the case. |
|
gavik
Posts: 1
|
Posted 21:59 Jun 07, 2012 |
Are you guys using the annotations in your controllers or your DaoImpl's? I believe the annotations only work on the cached bean objects that are stored in the application context. Try annotating one of your save methods and see if the SpEL is evaluated. Hope that helps. |
|
Vanquish39
Posts: 134
|
Posted 22:16 Jun 07, 2012 |
package guestlist.model.User.dao; Last edited by Vanquish39 at
22:17 Jun 07, 2012.
|
|
Vanquish39
Posts: 134
|
Posted 22:16 Jun 07, 2012 |
<?xml version="1.0" encoding="UTF-8"?> Last edited by Vanquish39 at
22:18 Jun 07, 2012.
|
|
cysun
Posts: 2935
|
Posted 22:28 Jun 07, 2012 |
If you use the annotation in controllers, you need to add the <global-method-security> thing to spring.xml. If you use the annotation in other places (like in DaoImpl), you need to add <global-method-security> to security.xml. Basically in CSNS2, spring.xml is <servlet-name>-servlet.xml (or Spring's "servlet context"), and everything under /WEB-INF/spring (e.g. data.xml, security.xml etc.) combined together is applicationContext.xml (or Spring's "application context"). Because for some reason Spring does not combine these two contexts, enabling method security needs to be done separately. |
|
malamma
Posts: 25
|
Posted 23:02 Jun 07, 2012 |
That worked like a charm. I did not realize that spring.xml served as the servlet-context.xml for csns2.
Here's my final code block in spring.xml:
|
|
DavidGilbert
Posts: 40
|
Posted 23:15 Jun 07, 2012 |
Yeah, was going to say that little explanation really helped me figure it out too. |
