Reputation: 54005
@Secured on Spring controllers and context mess
For web MVC I need at least two configs: dispatcher-servlet.xml and applicationContext.xml. I use the following filter for security:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
This filter needs springSecurityFilterChain, defined in applicationContext.xml with <security:http />
However, I want to use @Secured annotation on a @Controller, defined in dispatcher-servlet.xml. Again, this needs <security:http /> - in another context file!
All I'm trying to achieve is security on @Controller level. I don't care about securing deeper layers (@Service etc.) at all since this is the only entry point.
What is my way out of this mess? What am I doing wrong?
Upvotes: 1
Views: 388
Answers (1)
Reputation: 242686
To enable security annotations for controllers you only need to add <security:global-method-security ... /> to dispatcher-servlet.xml. Other security-related stuff stays in applicationContext.xml.
Upvotes: 3
Related Questions
- Spring security use wrong security context when there are two of them
- Spring Security 4.0.4 @Secured not securing controller method call
- Can't get @Secured working in Spring MVC
- Secure MVC Controller methods with @Secured annotation
- security util using SecurityContextHolder in spring application
- Spring MVC controller inheritance with spring security
- Another Spring Security issue
- Securing @Controller inconsistency
- Spring Security: multiple security context but returns wrong authentication-failure-url
- Spring Security + MVC : Questions around context definition & bean scope