Spring-security - AccessDecisionVoter-impl wont be

2019-05-06 15:15发布

问题:


I am trying to create custom AccessDecisionVoter and just stop it in the debugged when it gets invoked.

I have put a breake point in each method, but nothing happed.

spring-security.xml:

<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
  <property name="decisionVoters">
     <list>
          <bean class="com.affiliates.server.security.voters.VoterTest">
              <property name="brandsApi"  ref="brandsApi"/>
          </bean>
        </list>
  </property>

IBrandsApi.java

    public interface IBrandsApi {

    IHibernateBean getByPK(Integer id);

    @Secured({ "ROLE_BRAND_ADMIN" })    
    IHibernateBean update(IHibernateBean brand);

    @Secured({ "ROLE_BRAND_ADMIN" })    
    IHibernateBean insert(IHibernateBean brand);

    @Secured({ "ROLE_BRAND_ADMIN" })    
    ResultContainer getAll(IFilter filter);

    @Secured({ "ROLE_ADMIN" })  
    Integer delete(IFilter filter); 
}

VoterTest.java (empty file with break points)

    public class VoterTest implements AccessDecisionVoter {
private IBrandsApi brandsApi;

    public IBrandsApi getBrandsApi() {
        return brandsApi;
    }

    public void setBrandsApi(IBrandsApi brandsApi) {
        this.brandsApi = brandsApi;
    }

        @Override
        public boolean supports(ConfigAttribute attribute) {
            System.out.println("here");
            return false;

        }

        @Override
        public boolean supports(Class<?> clazz) {
            System.out.println("here");
            return false;
        }

        @Override
        public int vote(Authentication authentication, Object object,
                Collection<ConfigAttribute> attributes) {
            System.out.println("here");
            return 0;
        }
    }

BTW, there were no exceptions thrown during app loading / running Thanks

回答1:

You need to use your custom AccessDecisionManager, otherwise the default one is used. You can do this with

<global-method-security access-decision-manager-ref="accessDecisionManager"/>

Take a look at the documentation for more information on this.

One more thing: The supports() methods in your voter should probably return true otherwise vote() won`t be called.