问题描述
我正在尝试使用 Java Config 实现方法安全性,但出现错误:-
I'm trying to implement method security using Java Config, but I'm getting a error:-
org.springframework.expression.spel.SpelEvaluationException: EL1057E:(pos 1): No bean resolver registered in the context to resolve access to bean 'appPermissionEvaluator'
方法是:-
@PreAuthorize("@appPermissionEvaluator.hasSystemPermission()")
public String something() {
...
}
Config 类定义为 (MethodSecurityConfig.java):-
The Config class definition is (MethodSecurityConfig.java):-
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
@Bean
public AppPermissionEvaluator appPermissionEvaluator() {
return new AppPermissionEvaluator();
}
@Override
protected MethodSecurityExpressionHandler createExpressionHandler() {
DefaultMethodSecurityExpressionHandler expressionHandler =
new DefaultMethodSecurityExpressionHandler();
expressionHandler.setPermissionEvaluator(appPermissionEvaluator());
return expressionHandler;
}
...
}
我检查了我是否能够在同一个类中自动装配 bean,而且我发现默认的 hasPermission() 方法在我实现它们时正在工作,唯一的问题是从 SpEL 读取 bean.我不确定出了什么问题.任何指针?
I checked that I'm able to autowire the bean in the same class, also I found the default hasPermission() methods are working as I've implemented them, the only problem is reading the bean from SpEL. I'm not sure what's wrong. Any Pointers?
我使用的是 Spring 4.1.5 和 Spring security 3.2.7
I'm using Spring 4.1.5 and Spring security 3.2.7
推荐答案
您需要确保在 DefaultMethodSecurityExpresssionHandler 上设置 ApplicationContext.例如:
You need to ensure that you set the ApplicationContext on the DefaultMethodSecurityExpresssionHandler. For example:
@Autowired
private ApplicationContext context;
// ...
@Override
protected MethodSecurityExpressionHandler expressionHandler() {
DefaultMethodSecurityExpressionHandler expressionHandler =
new DefaultMethodSecurityExpressionHandler();
expressionHandler.setPermissionEvaluator(appPermissionEvaluator());
// !!!
expressionHandler.setApplicationContext(context);
return expressionHandler;
}
或者更简洁地,如果您将单个 PermissionEvaluator 定义为 Bean,Spring Security 将自动选择它(无需覆盖 expressionHandler()).例如:
Alternatively and more concisely, if you define a single PermissionEvaluator as a Bean and Spring Security will automatically pick it up (no need to override expressionHandler()). For example:
@Bean
public PermissionEvaluator appPermissionEvaluator() {
...
}
这篇关于上下文中没有注册 bean 解析器来解析对 bean 的访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!