SpringBoot SpringSecurity ACL @PostFilter

Question

我在用..。

springBootVersion = '1.2.4.RELEASE'
springVersion = '4.1.6.RELEASE'
springSecurityVersion = '4.0.0.M2'


@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebMvcSecurity
@Profile(ElmProfile.HAS_AUTHENTICATION)
public class SecurityXXX extends WebSecurityConfigurerAdapter {

}

Application.java具有相应的

@ComponentScan

logging.level.org.springframework.security=TRACE

问题:有一些奇怪的行为...

There are may post filter  annotations are defined on the service interface , but in the logs it shows its detected  the annotation on the service impl class  instead !?. 

Althought there are many such methods on the service interface with only one method is detected

是的，服务有@Service注解，如下所示：

@Validated
public interface SiteService {
    @PostFilter("hasPermission(filterObject, 'read')")
    @NotNull
    List<Site> getSitesWithBins();

    @PostFilter("hasPermission(filterObject, 'read')")
    @NotNull
    List<Site> getAllSitesRestricted();

    @PostFilter("hasPermission(filterObject, 'read')")
    @NotNull
    List<Site> getAllSites();

    @PostFilter("hasPermission(filterObject, 'read')")
    @NotNull
    List<Site> findSitesByMain(final boolean isMain);

    @NotNull
    List<Site> getSitesByTransferType(@Min(1) final Long siteId, @NotNull final TransferType.Code transferType);

    @PostFilter("hasPermission(filterObject, 'read')")
    Site getSite(@Min(1) final Long siteId); 


@Service
@Transactional
@RequiredArgsConstructor(onConstructor = @__(@Autowired))
public class SiteServiceImpl implements SiteService {

         //implementas all the service interface methods
}

The stack trace below shows that only one method was found , all the methods are not found i.e.  only the @PostFilter on the getSite() method is found ..
2015-06-26 19:23:17.986 TRACE 13561 --- [           main] .PrePostAnnotationSecurityMetadataSource : Looking for Pre/Post annotations for method 'getSite' on target class 'class au.com.xxx.xxxx.inventory.main.service.SiteServiceImpl'
2015-06-26 19:23:17.987 DEBUG 13561 --- [           main] .PrePostAnnotationSecurityMetadataSource : @org.springframework.security.access.prepost.PostFilter(value=hasPermission(filterObject, 'read')) found on specific method: public au.com.xxxx.xxxx.inventory.main.domain.Site au.com.xxxx.xxxx.inventory.main.service.SiteServiceImpl.getSite(java.lang.Long)
2015-06-26 19:23:17.990 DEBUG 13561 --- [           main] m.DelegatingMethodSecurityMetadataSource : Caching method [CacheKey[au.com.xxxx.xxxx.inventory.main.service.SiteServiceImpl; public abstract au.com.xxxx.xxxx.inventory.main.domain.Site au.com.xxxx.xxxx.inventory.main.service.SiteService.getSite(java.lang.Long)]] with attributes [[authorize: 'permitAll', filter: 'null', filterTarget: 'null'], [authorize: 'null', filter: 'hasPermission(filterObject, 'read')']]

因此，奇怪的是，服务接口上的其他注释被忽略，并且一个特定的方法被识别为具有该注释。尽管上面的日志语句很奇怪，但它在服务实现类上找到了@PostFilter，但它们是在接口中定义的！并且我已经确保在类路径上没有其他同名的接口/类。

Answer 1

您的堆栈跟踪不清晰。如果你能发布你所得到的整个日志，这将是很有帮助的。然而，这里有一个快速修复方法，检查您是否在ServiceImpl类中添加了@服务注释，并确保在中配置了您的服务包。请记住，在spring中，每件事都是一个组件，因此它们将用@Component注释来表示，而@Service和@Repository是@Component的子注释。