
Method is not secured with @PreAuthorize annotation

Hi, I would like to secure a method in my managed session bean for role `ROLE_ADMIN`.

applicationContext-security.xml:
```xml
<global-method-security pre-post-annotations="enabled" jsr250-annotations="enabled" secured-annotations="enabled"/>

<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/**" access="isAuthenticated()"/>
    <intercept-url pattern="/**" access="permitAll()"/>
    <form-login
        login-processing-url="/j_spring_security_check"
        login-page="/login.jsf"
        default-target-url="/main.jsf"
        authentication-failure-url="/login.jsf" />
    <session-management>
        <concurrency-control max-sessions="1" error-if-maximum-exceeded="false" />
    </session-management>
</http>

<authentication-manager alias="authenticationManager">
    <authentication-provider>
        <user-service>
            <user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
            <user name="user1" password="user1" authorities="ROLE_USER" />
        </user-service>
    </authentication-provider>
</authentication-manager>

<beans:bean id="loggerListener"
    class="org.springframework.security.authentication.event.LoggerListener"/>
```

bean's secured method:

```java
@PreAuthorize("hasRole('ROLE_ADMIN')")
public String buy() {
    ...
}
```

When I log in as `user1` or as `anonym` and click the "buy" button on the web page, it still redirects to the next page.

I expect an access denied exception to occur, and it doesn't.

Is this bean managed by the JEE container, or Spring?


Originally Posted by pmularien:
> Is this bean managed by the JEE container, or Spring?

This bean is annotated as:
@ManagedBean
@SessionScoped

It's used for JSF 2.0

After I changed the annotation to @Service, an NPE was thrown saying the bean can't be initialized. Am I missing something?
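
pmularien's question matters because Spring Security applies `@PreAuthorize` through a proxy that Spring places around beans in its own application context, so an instance created by another container is called directly and the annotation is never evaluated. The following is an added illustration, not code from the thread or from Spring: `RequiresRole`, `Shop`, `ShopBean` and `secured` are hypothetical names, and a plain JDK dynamic proxy stands in for Spring's method-security interceptor.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.Set;

public class ProxyEnforcementDemo {
    // Hypothetical stand-in for @PreAuthorize("hasRole('...')"); not Spring's annotation.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface RequiresRole { String value(); }

    interface Shop { String buy(); }

    // Constructed bean mirroring the buy() method from the thread.
    static class ShopBean implements Shop {
        @RequiresRole("ROLE_ADMIN")
        public String buy() { return "next-page"; }
    }

    // What a managing container does: hand out a proxy that reads the
    // annotation and checks the caller's authorities before delegating.
    static Shop secured(Shop target, Set<String> authorities) {
        InvocationHandler handler = (proxy, method, args) -> {
            Method impl = target.getClass().getMethod(method.getName(), method.getParameterTypes());
            RequiresRole rule = impl.getAnnotation(RequiresRole.class);
            if (rule != null && !authorities.contains(rule.value())) {
                throw new SecurityException("Access is denied: requires " + rule.value());
            }
            try { return method.invoke(target, args); }
            catch (InvocationTargetException e) { throw e.getCause(); }
        };
        return (Shop) Proxy.newProxyInstance(
            Shop.class.getClassLoader(), new Class<?>[] { Shop.class }, handler);
    }

    public static void main(String[] args) {
        // user1's authorities as listed in the posted user-service.
        Set<String> user1 = Set.of("ROLE_USER");
        // Instance created outside the securing container: the annotation is inert.
        System.out.println("created directly: " + new ShopBean().buy());
        // Same class obtained through the proxy: the role check runs first.
        try {
            System.out.println("via proxy: " + secured(new ShopBean(), user1).buy());
        } catch (SecurityException e) {
            System.out.println("via proxy: " + e.getMessage());
        }
    }
}
```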