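Spring Security Reading Notes -- Using Security Annotations
I have always configured method-level access control in XML. I tried adding @Secured to the manager's methods and could not get it to work no matter what I did. Then I suddenly realized I had forgotten to enable annotation support, so I am noting it down here.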
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                                 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">

    <http auto-config="true" lowercase-comparisons="false">
        <!--<intercept-url pattern="/**/*.html*" access="ROLE_ADMIN,ROLE_USER"/>-->
        <intercept-url pattern="/**/*.htm" access="ROLE_USER,ROLE_ADMIN" />
        <intercept-url pattern="/WEB-INF/jsp/*.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <form-login login-page="/login.jsp"
                    authentication-failure-url="/login.jsp?error=true"
                    login-processing-url="/j_security_check" />
        <logout logout-url="/logout.jsp" invalidate-session="true" />
        <remember-me key="e37f4b31-0c45-11dd-bd0b-0800200c9a66" />
    </http>

    <!--
    <authentication-provider>
        <password-encoder hash="sha" />
        <user-service>
            <user name="user" password="12dea96fec20593566ab75692c9949596833adc9" authorities="ROLE_USER" />
            <user name="admin" password="d033e22ae348aeb5660fc2140aec35850c4da997" authorities="ROLE_ADMIN" />
        </user-service>
    </authentication-provider>
    -->

    <authentication-provider user-service-ref="userDetailService">
        <password-encoder ref="passwordEncoder" />
    </authentication-provider>

    <!-- Global method security: annotations are enabled here -->
    <global-method-security secured-annotations="enabled" jsr250-annotations="enabled">
        <protect-pointcut expression="execution(* *..service.UserManager.removeUser(..))" access="ROLE_ADMIN" />
    </global-method-security>
</beans:beans>
The part highlighted in red is the setting I had missed. It drove me mad.
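An added example, not from the original post: a small Python check that reads a Spring Security XML config and reports @Secured / @RolesAllowed annotations in Java sources that stay inactive because the matching switch on <global-method-security> is not set to "enabled". The sample config, the file name UserManagerImpl.java and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SEC_NS = "http://www.springframework.org/schema/security"

# Annotation name -> <global-method-security> attribute that switches it on.
SWITCHES = {"Secured": "secured-annotations", "RolesAllowed": "jsr250-annotations"}
ANNOTATION = re.compile(r"@(%s)\b" % "|".join(SWITCHES))


def enabled_switches(xml_text):
    """Return the switch attributes set to "enabled" in the security config."""
    root = ET.fromstring(xml_text)
    enabled = set()
    for element in root.iter("{%s}global-method-security" % SEC_NS):
        for attr in SWITCHES.values():
            if element.get(attr) == "enabled":
                enabled.add(attr)
    return enabled


def ignored_annotations(xml_text, java_sources):
    """Return (file, line number, annotation) for annotations left inactive."""
    enabled = enabled_switches(xml_text)
    findings = []
    for filename, source in java_sources.items():
        for number, line in enumerate(source.splitlines(), 1):
            if line.lstrip().startswith("//"):
                continue  # skip commented-out annotations
            for match in ANNOTATION.finditer(line):
                if SWITCHES[match.group(1)] not in enabled:
                    findings.append((filename, number, match.group(1)))
    return findings


# Constructed sample input (not taken from the post).
BEANS = ('<beans:beans xmlns="http://www.springframework.org/schema/security" '
         'xmlns:beans="http://www.springframework.org/schema/beans">%s</beans:beans>')
CONFIG_MISSING = BEANS % '<http auto-config="true"/>'
CONFIG_ENABLED = BEANS % '<global-method-security secured-annotations="enabled"/>'
SOURCES = {"UserManagerImpl.java": (
    "public class UserManagerImpl {\n"
    '    @Secured({"ROLE_ADMIN"})\n'
    "    public void saveUser(User user) throws Exception { }\n"
    "}\n")}

if __name__ == "__main__":
    for label, config in (("missing", CONFIG_MISSING), ("enabled", CONFIG_ENABLED)):
        print(label, ignored_annotations(config, SOURCES))
```

The check covers only the two switches shown in the config above; <protect-pointcut> rules are applied independently of them.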
Usage
Single permission: @Secured({"ROLE_USER"})
Multiple permissions: @Secured({"ROLE_USER", "ROLE_ADMIN"})
I don't know whether cascading (hierarchical) permissions are supported.
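@Secured({"ROLE_ADMIN"})
public void saveUser(User user) throws Exception {
    if (user.getVersion() == null) {
        // if new user, lowercase userId
        user.setUsername(user.getUsername().toLowerCase());
    }
    // ... (the rest of the method is cut off in the original post)
}

Comment #4 bluerose 2011-03-03
I wonder whether @Secured can be put on the controller layer. I tried it and it had no effect.
I think putting it in the controller would be more intuitive, because each method in a controller is one feature.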