Cannot get @Secured while working in Spring MVC

Question

Cannot get @Secured while working in Spring MVC

I use Spring MVC to provide RESTful services. I have already enabled authentication through HTTPBasicAuthentication, and using <security:http>, I can control which roles can access URLs.

Now I want to use annotation @Secured. I tried adding it to the Controller methods, but this will not work. He just does nothing.

Here is my class Controller:

@Controller
@RequestMapping("/*")
public class HomeController {
private static final Logger logger = LoggerFactory.getLogger(HomeController.class);

private static final String USERS = "/users";
private static final String USER = USERS+"/{userId:.*}";

    @RequestMapping(value=USER, method=RequestMethod.GET)
    @Secured(value = {"ROLE_ADMIN"})
    public @ResponseBody User signin(@PathVariable String userId) {
        logger.info("GET users/"+userId+" received");
        User user= service.getUser(userId);
        if(user==null)
                throw new ResourceNotFoundException();
        return user;
    }
}

This is mine security-context.xml:

<http auto-config='true'>
    <intercept-url pattern="/**" access="ROLE_USER"/>
</http>

<global-method-security secured-annotations="enabled" />

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="admin@somedomain.com" password="admin"
                authorities="ROLE_USER, ROLE_ADMIN" />
            <user name="user@somedomain.com" password="pswd"
                authorities="ROLE_USER" />
        </user-service>
    </authentication-provider>
</authentication-manager>

And mine root-context.xml:

<context:component-scan base-package="org.mypackage" />

<import resource="database/DataSource.xml"/> 

<import resource="database/Hibernate.xml"/>

<import resource="beans-context.xml"/> 

<import resource="security-context.xml"/>

, @Secured, : user@somedomain.com, ROLE_ADMIN. <security:global-method-security> root-context.xml, . <security:http>, , @Secured.

.

EDIT: servlet-context.xml controllers.xml appServlet.

servlet-context.xml:

<mvc:resources mapping="/resources/**" location="/resources/" />

<beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <beans:property name="prefix" value="/WEB-INF/views/" />
    <beans:property name="suffix" value=".jsp" />
</beans:bean>

<beans:import resource="controllers.xml" />

controllers.xml:

<context:component-scan base-package="org.mose.emergencyalert.controllers" />

<beans:bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver" />     

<beans:bean id="homeController" class="org.mose.emergencyalert.controllers.HomeController"/>

+5

java spring spring-mvc spring-security restful-architecture

user1781028 21 . '13 10:36

2

user1781028 · Answer 1 · 2013-01-21T11:26:45+0000

, <global-method-security> servlet-context.xml security-context.xml.

security-context.xml:

<annotation-driven />

<security:global-method-security secured-annotations="enabled"/>

<resources mapping="/resources/**" location="/resources/" />

<beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <beans:property name="prefix" value="/WEB-INF/views/" />
    <beans:property name="suffix" value=".jsp" />
</beans:bean>

NB: Eclipse <security:global-method-security>: "advises org.mypackage.HomeController.signin(String, Principal)", , @Secured.

becher henchiri · Answer 2 · 2016-06-10T10:14:01+0000

, ViewResolve: xml xml <security:global-method-security pre-post-annotations="enabled" secured annotations="enabled">

tuto

Cannot get @Secured while working in Spring MVC

More articles: