Hallo zusammen
Ich habe das beigefügte Beispiel (abgespecktes Beispielprogramm) programmiert. Leider funktioniert es nicht. Die Sicherheitsüberprüfung wird gar nicht erst durchgeführt.
Weiss jemand, was ich falsch mache?
Danke im Voraus!
Für die, die es nicht herunterladen möchten:
[XML]<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:sec="http://www.springframework.org/schema/security" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
Index of /schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
Index of /schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
Index of /schema/security http://www.springframework.org/schema/security/spring-security.xsd
Index of /schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
Index of /schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">
<bean id="userManager" class="org.sample.secure.DefaultUserManager" />
<bean id="startup" class="org.sample.secure.Startup" autowire="byType" />
<sec:global-method-security
pre-post-annotations="disabled" secured-annotations="enabled" />
<sec:authentication-manager>
<sec:authentication-provider>
<sec:user-service>
<sec:user name="user" password="user" authorities="ROLE_USER" />
<sec:user name="supervisor" password="supervisor"
authorities="ROLE_SUPERVISOR" />
</sec:user-service>
</sec:authentication-provider>
</sec:authentication-manager>
</beans>[/XML]
[XML]<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>ch.gizmo</groupId>
<artifactId>sample2</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>sample2-project</name>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>[0.0.0,]</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
<version>[0.0.0,]</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>[0.0.0,]</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>[0.0.0,]</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
<version>[0.0.0,]</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>[0.0.0,]</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-expression</artifactId>
<version>[0.0.0,]</version>
</dependency>
<dependency>
<groupId>cglib</groupId>
<artifactId>cglib</artifactId>
<version>[0.0.0,]</version>
<scope>runtime</scope>
</dependency>
</dependencies>
</project>[/XML]
Ich habe das beigefügte Beispiel (abgespecktes Beispielprogramm) programmiert. Leider funktioniert es nicht. Die Sicherheitsüberprüfung wird gar nicht erst durchgeführt.
Weiss jemand, was ich falsch mache?
Danke im Voraus!
Für die, die es nicht herunterladen möchten:
Java:
package org.sample.secure;
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.access.annotation.Secured;
public class DefaultUserManager implements UserManager {
private Map<Integer, User> userMap = new HashMap<Integer, User>();
@Secured("ROLE_SUPERVISOR")
public User getUser(int id) {
return userMap.get(id);
}
@Secured("ROLE_SUPERVISOR")
public void updateUser(int id, User user) {
userMap.put(id, user);
}
}
Java:
package org.sample.secure;
import org.springframework.beans.factory.xml.XmlBeanFactory;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
public class Startup {
private AuthenticationManager authenticationManager;
private UserManager userManager;
public void setAuthenticationManager(AuthenticationManager authenticationManager) {
this.authenticationManager = authenticationManager;
}
public void setUserManager(UserManager userManager) {
this.userManager = userManager;
}
public void test() {
Authentication request = new UsernamePasswordAuthenticationToken(
"user", "user");
Authentication response = authenticationManager.authenticate(request);
SecurityContextHolder.getContext().setAuthentication(response);
userManager.updateUser(0, new User("Hans", "Meier"));
System.out.println(userManager.getUser(0));
}
public static void main(String[] args) {
XmlBeanFactory bf = new XmlBeanFactory(new ClassPathResource(
"AppCtx.xml"));
((Startup)bf.getBean("startup")).test();
}
}
Java:
package org.sample.secure;
public class User {
private String firstName;
private String lastName;
public User(String firstName, String lastName) {
this.firstName = firstName;
this.lastName = lastName;
}
public String getFirstName() {
return firstName;
}
public String getLastName() {
return lastName;
}
@Override
public String toString() {
return "User [firstName=" + firstName + ", lastName=" + lastName + "]";
}
}
Java:
package org.sample.secure;
import org.springframework.security.access.annotation.Secured;
public interface UserManager {
@Secured("ROLE_USER")
public abstract User getUser(int id);
@Secured("ROLE_SUPERVISOR")
public abstract void updateUser(int id, User user);
}
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:sec="http://www.springframework.org/schema/security" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
Index of /schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
Index of /schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
Index of /schema/security http://www.springframework.org/schema/security/spring-security.xsd
Index of /schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
Index of /schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">
<bean id="userManager" class="org.sample.secure.DefaultUserManager" />
<bean id="startup" class="org.sample.secure.Startup" autowire="byType" />
<sec:global-method-security
pre-post-annotations="disabled" secured-annotations="enabled" />
<sec:authentication-manager>
<sec:authentication-provider>
<sec:user-service>
<sec:user name="user" password="user" authorities="ROLE_USER" />
<sec:user name="supervisor" password="supervisor"
authorities="ROLE_SUPERVISOR" />
</sec:user-service>
</sec:authentication-provider>
</sec:authentication-manager>
</beans>[/XML]
[XML]<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>ch.gizmo</groupId>
<artifactId>sample2</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>sample2-project</name>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>[0.0.0,]</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
<version>[0.0.0,]</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>[0.0.0,]</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>[0.0.0,]</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
<version>[0.0.0,]</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>[0.0.0,]</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-expression</artifactId>
<version>[0.0.0,]</version>
</dependency>
<dependency>
<groupId>cglib</groupId>
<artifactId>cglib</artifactId>
<version>[0.0.0,]</version>
<scope>runtime</scope>
</dependency>
</dependencies>
</project>[/XML]
Anhänge
Zuletzt bearbeitet: