Denis Markov
Reputation: 309
Spring security. Annotation secured doesn't work
I have some problem. I use spring security for my application, and when i marked method annotation @Secured("ROLE_ADMIN"),it does not work.
@Secured("ROLE_ADMIN")
@RequestMapping(value = "/greeting",produces = "application/json")
public @ResponseBody List<UserEntity> greeting() {
return userService.getAllCurrentUsers();
}
This security-config.xml
<global-method-security secured-annotations="enabled" pre-post-annotations="enabled"/>
<http pattern="/resources/**" security="none"/>
<http pattern="/loginSecurity" security="none"/>
<http pattern="/favicon.ico" security="none" />
<http use-expressions="true">
<intercept-url pattern="/**" access="hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')"/>
<form-login login-page="/loginSecurity" default-target-url="/workspace"/>
</http>
<authentication-manager>
<authentication-provider>
<password-encoder hash="bcrypt" />
<jdbc-user-service data-source-ref="dataSource"
authorities-by-username-query="SELECT userentity.username , roleentity.role_name from userentity
JOIN userentity_roleentity ON userentity.userid = userentity_roleentity.userlist_userid
JOIN roleentity ON userentity_roleentity.rolelist_role_name = roleentity.role_name
WHERE userentity.username = ?"
users-by-username-query="SELECT username,pwd,enable FROM userentity where username = ?"/>
</authentication-provider>
</authentication-manager>
The authentication works. Roles in the database are correct. This code also works.
sec:authorize access="hasRole('ROLE_ADMIN')">
<button onclick="loadHeadRef('workspace','settings')">
<img src='<spring:url value="/resources/image/settings.png"/>' alt="">Settings</button>
</sec:authorize>
Upvotes: 3
Views: 2892
Answers (1)
LynAs
Reputation: 6537
Try using @PreAuthorize
@PreAuthorize("hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_APPROVAL_PENDING')")
in the spring-servlet.xml put the following
<security:global-method-security
pre-post-annotations="enabled" secured-annotations="enabled" />
<mvc:annotation-driven />
Upvotes: 2
Related Questions
- Spring Security, Method Security annotation (@Secured ) is not working (java config)
- Spring Security, annotation @Secured is not working
- Can not get the @Secured Method Security annotations working in Spring Security
- @Secured annotation not working for method authorization
- Spring security using @security annotation in controller
- Spring Security 3.2: @Secured annotations not taken into account
- Spring 3.0 security not working with annotation based controllers
- Spring 3.1 ignoring my @Secured Annotations
- Spring Security+MVC annotations Illegal argument exception
- ignored Security annotations in spring mvc