spring security原来也是有顺序的啊
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
<http auto-config="true"/>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password,status as enabled
from user
where username=?"
authorities-by-username-query="select u.username,r.name as authority
from user u
join user_role ur
on u.id=ur.user_id
join role r
on r.id=ur.role_id
where u.username=?"/>
</authentication-provider>
<global-method-security/>
<beans:bean id="messageService" class="a.MessageServiceImpl"/>
<beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<beans:property name="driverClassName" value="com.mysql.jdbc.Driver"/>
<beans:property name="url" value="jdbc:mysql://localhost:3306/tests"/>
<beans:property name="username" value="root"/>
<beans:property name="password" value="root"/>
</beans:bean>
<beans:bean id="resourceDetailsMonitor" class="a.ResourceDetailsMonitor">
<beans:property name="dataSource" ref="dataSource" />
<beans:property name="filterSecurityInterceptor" ref="_filterSecurityInterceptor" />
<beans:property name="delegatingMethodDefinitionSource" ref="_delegatingMethodDefinitionSource" />
</beans:bean>
</beans:beans>
这是我刚开始的配置但是打开页面后应该受保护的方法根本不受保护
但是将<beans:bean id="messageService" class="a.MessageServiceImpl"/>
换到resourceDetailsMonitor后居然页面管用了正确的配置如下
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
<http auto-config="true"/>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password,status as enabled
from user
where username=?"
authorities-by-username-query="select u.username,r.name as authority
from user u
join user_role ur
on u.id=ur.user_id
join role r
on r.id=ur.role_id
where u.username=?"/>
</authentication-provider>
<global-method-security/>
<beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<beans:property name="driverClassName" value="com.mysql.jdbc.Driver"/>
<beans:property name="url" value="jdbc:mysql://localhost:3306/tests"/>
<beans:property name="username" value="root"/>
<beans:property name="password" value="root"/>
</beans:bean>
<beans:bean id="resourceDetailsMonitor" class="a.ResourceDetailsMonitor">
<beans:property name="dataSource" ref="dataSource" />
<beans:property name="filterSecurityInterceptor" ref="_filterSecurityInterceptor" />
<beans:property name="delegatingMethodDefinitionSource" ref="_delegatingMethodDefinitionSource" />
</beans:bean>
<beans:bean id="messageService" class="a.MessageServiceImpl"/>
</beans:beans>