Spring security 3.1 +JSF 2.0 . problem with annotating methods in ManagedBeans?
Hy .What i am trying to do is to integrate Spring security with a Jsf+spring IOC +hibernate application.I have managed to set the login page and filter some other pages.So far so good, but when i tried to put @Secured or @PreAuthorize annotation on methods inside managedBeans (inside Dao's the annotation do work), i realized they do absolutely nothing. I have read that i need FORCE class proxies. Spring uses proxy based aop,the managed bean implements an interface hence jdk dynamic proxy instead of class proxy is used. So i did this in my config file:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"**
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd"> <aop:aspectj-autoproxy proxy-target-class="true"/>
//the rest of the beans
</beans>
The applicationContext-security Xml looks like this:
<?xml version="1.0" encoding="UTF-8"?> <!-- - Sample namespace-based configuration - - $Id: applicationContext-security.xml
3019 2008-05-01 17:51:48Z luke_t $ --> <beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <global-method-security secured-annotations="enabled" jsr250-annotations="enabled"/> <http pattern="/css/**" security="none" />
<http pattern="/pages/login.xhtml" security="none" /> <http auto-config='false'>
<intercept-url pattern="/pages/customer/**" access='ROLE_SITE_ADMIN' />
<intercept-url pattern="/pages/department/overhead*" access='ROLE_SITE_ADMIN' />
<intercept-url pattern="/**"
access='ROLE_SITE_ADMIN,ROLE_PROJECT_MANAGER,ROLE_DEPARTMENT_MANAGER,ROLE_ACCOUNTING' />
<form-login login-page="/pages/login.xhtml"
default-target-url='/pages/reports.xhtml' always-use-default-target='true'
authentication-failure-handler-ref="userLoginService" />
<logout invalidate-session="true" logout-success-url="/pages/login.xhtml"/>
</http> <authentication-manager>
<authentication-provider user-service-ref='userLoginService'>
<password-encoder hash="md5" />
</authentication-provider>
</authentication-manager> <beans:bean id="userLoginService" class="com.evozon.demo.bean.SecureLoginService">
<beans:property name="defaultFailureUrl" value="/pages/login.xhtml" />
<beans:property name="userDao" ref="userDao" />
<beans:property name="loginReportDao" ref="loginReportDao" />
</beans:bean>
</beans:beans>
Can someone tell my why the annotations do not work inside a managed bean,and how to resolve the problem ? ex:
@PreAuthorize("ROLE_PROJECT_MANAGER")
public void aproveVacation(Vacation vacation) {...}
Answer:
The problem has been solved.The solution is to transform the Managed beans to Spring beans. Here is how :
web.xml does not need the jsf listener only the sprin ones :
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
The application context need this config to work at first :
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd"> <context:component-scan base-package="com.company.demo.bean" />
<context:annotation-config />
<aop:config proxy-target-class="true" />
//other configs
</beans>
Note that the first two need to define the base package for the spring beans (for the Components) and that the beans are annotated.The third config is needed to force the class proxy,here is why you need that.
Ok.once we know that we change the annotations from jsf managedBeans to Spring components :
@ManagedBean
@SessionScoped
public class UserLoginBean { @ManagedProperty(name = "userDao", value = "#{userDao}")
private UserDao userDao;
}
to:
@Component
@Scope("session")
@Qualifier("userLoginBean")
public class UserLoginBean { @Autowired
private UserDao userDao;
}
That's all.If you have already this config and doesn't work you should set <aop:config proxy-target-class="true" /> into your applicationContext.xml.
PS:if nothing happened, you can change the
<sec:global-method-security secured-annotations="enabled" jsr250-annotations="enabled">
</sec:global-method-security>
to
<sec:global-method-security pre-post-annotations="enabled" >
</sec:global-method-security>
Spring security 3.1 +JSF 2.0 . problem with annotating methods in ManagedBeans?的更多相关文章
- Spring Boot 2.0 利用 Spring Security 实现简单的OAuth2.0认证方式1
0. 前言 之前帐号认证用过自己写的进行匹配,现在要学会使用标准了.准备了解和使用这个OAuth2.0协议. 1. 配置 1.1 配置pom.xml 有些可能会用不到,我把我项目中用到的所有包都贴出来 ...
- Spring Boot 2.0 利用 Spring Security 实现简单的OAuth2.0认证方式2
0.前言 经过前面一小节已经基本配置好了基于SpringBoot+SpringSecurity+OAuth2.0的环境.这一小节主要对一些写固定InMemory的User和Client进行扩展.实现动 ...
- Spring Boot2.0使用Spring Security
一.Spring Secutity简介 Spring 是一个非常流行和成功的 Java 应用开发框架.Spring Security 基于 Spring 框架,提供了一套 Web 应用安全性 ...
- spring security 学习文档
web service Prepared by: Sea ...
- 朱晔和你聊Spring系列S1E10:强大且复杂的Spring Security(含OAuth2三角色+三模式完整例子)
Spring Security功能多,组件抽象程度高,配置方式多样,导致了Spring Security强大且复杂的特性.Spring Security的学习成本几乎是Spring家族中最高的,Spr ...
- spring security 5 There is no PasswordEncoder mapped for the id "null" 错误
转载请注明出处 http://www.cnblogs.com/majianming/p/7923604.html 最近在学习spring security,但是在设置客户端密码时,一直出现了一下错误提 ...
- Spring Security Java Config Preview--官方
原文地址:[1]https://spring.io/blog/2013/07/02/spring-security-java-config-preview-introduction/ [2]https ...
- web应用安全框架选型:Spring Security与Apache Shiro
一. SpringSecurity 框架简介 官网:https://projects.spring.io/spring-security/ 源代码: https://github.com/spring ...
- Spring Security 实战干货:OAuth2第三方授权初体验
1. 前言 Spring Security实战干货系列 现在很多项目都有第三方登录或者第三方授权的需求,而最成熟的方案就是OAuth2.0授权协议.Spring Security也整合了OAuth2. ...
随机推荐
- UVALive-3126 Taxi Cab Scheme (DAG的最小路径覆盖)
题目大意:要给n个人安排车,已知每个人的出发时间和起点与终点,问最少需要安排几辆车才能完成任务. 题目分析:最小路径覆盖.如果送完a到目的地后能在b出发之前赶来接b,那么连一条有向边a->b,最 ...
- 配置Spring Boot通过@ConditionalOnProperty来控制Configuration是否生效
Spring boot中有个注解@ConditionalOnProperty,这个注解能够控制某个configuration是否生效. 具体操作是通过其两个属性name以及havingValue来实现 ...
- Xcode6中手动添加Precompile Prefix Header
Xcode5中创建一个工程的时候,系统会自动创建一个以以工程名为名字的pch(Precompile Prefix Header)文件,开发的过程中可以将广泛使用的头文件以及宏包含在该文件下,编译器就会 ...
- 《免费前端教程不会告诉你这些》知乎LIVE读后感
这个是昨天偶然间在知乎上看到的一个知乎LIVE,答题就是音频在线直播吧,我试听了一下觉得分享的还不错,就买了完整的.主讲人叫方应杭,貌似是个挺牛逼的程序猿,之前没有听过,但这是个典型的科班出生的程序员 ...
- IDEA12使用初体验
最近将开发工具IDEA升级到了12.0版本,被它新的UI界面深深吸引,看下面,很酷哦~ 一.下载安装 在IDEA官网下载最近版本12.0,有免费的社区版,还有收费的无限制版,大家可以自行下载. 下载后 ...
- Shell排序算法和合并排序算法
Shell排序(希尔排序)算法Shell排序严格来说基于插入排序的思想,其又称为希尔排序或者缩小增量排序. Shell排序的流程:1.将由n个元素的数组分成n/2个数字序列,第1个数据和第n/2+1个 ...
- 《DSP using MATLAB》示例 Example 10.2
代码: %% ------------------------------------------------------------------------ %% Output Info about ...
- [LOJ2541]「PKUWC2018」猎人杀
loj description 有\(n\)个猎人,每个猎人有一个仇恨度\(w_i\),每个猎人死后会开一枪打死一个还活着的猎人,打中每个猎人的概率与他的仇恨度成正比. 现在你开了第一枪,打死每个猎人 ...
- jQuery因mouseover,mouseout冒泡产生的闪烁问题
由于浏览器的冒泡行为.造成如果在一个DIV元素上同时定义了mouseover,mouseout的时候,当鼠标移动到DIV中的child子元素的时候,就会同时执行了两个操作mouseover和mouse ...
- 【转】VC++ 也有 Refactoring 功能了
原文网址:http://blog.csdn.net/yapingxin/article/details/18923095 分类: C++2014-02-04 14:00 2688人阅读 评论(0) 收 ...