So I have a Vaadin (8) view that is @Secured for Spring Security:
@Secured(SUPERADMIN_ROLE)
@SpringView(name = AdminHomeView.NAME)
class AdminHomeView : DemoViewWithLabel() {
    companion object {
        const val NAME = "admin/home"
    }

    override val labelContent = "This is the protected admin section. You are authenticated and authorized."
}
where DemoViewWithLabel is just a very simple abstract class that displays
VerticalLayout(Label(labelContent))
So if I log in as a user with the Superadmin role, I can access the view just fine.
But let's make a small change and override a method...
@Secured(SUPERADMIN_ROLE)
@SpringView(name = AdminHomeView.NAME)
class AdminHomeView : DemoViewWithLabel() {
    companion object {
        const val NAME = "admin/home"
    }

    override val labelContent = "This is the protected admin section. You are authenticated and authorized."

    override fun enter(event: ViewChangeListener.ViewChangeEvent?) {
        super.enter(event)
    }
}
This gives me an AccessDeniedException ... and I don't understand why.
So I turned on Spring Security's debug logging, and this is what it had to say:
Secure object: ReflectiveMethodInvocation: public void ch.cypherk.myapp.ui.views.admin.AdminHomeView.enter(com.vaadin.navigator.ViewChangeListener$ViewChangeEvent);
target is of class [ch.cypherk.myapp.ui.views.admin.AdminHomeView];
Attributes: [Superadmin]
Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@a6801701:
Principal: ch.cypherk.myapp.model.auth.MyUserDetails@6e4c5c5b;
Credentials: [PROTECTED];
Authenticated: true; Details: null;
Granted Authorities: RIGHT_MANAGER, Superadmin
So far, this seems OK. It requires a Superadmin authority, and it has an authenticated user with that Superadmin authority.