第 52 章 设置方法拦截器

我们不一定必须使用namespace提供的global-method-security,直接把MethodInterceptor放到aop里就可以。

<aop:config>
	<aop:pointcut id="securityPointcut" expression="execution(* com.family168.springsecuritybook.ch220.*.*(..))" />
	<aop:advisor advice-ref="accessDeniedInterceptor" pointcut-ref="securityPointcut" order="0" />
	<aop:advisor advice-ref="methodSecurityInterceptor" pointcut-ref="securityPointcut" order="1" />
</aop:config>

<bean id="methodSecurityInterceptor"
	class="org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor" autowire="byType">
	<property name="authenticationManager" ref="org.springframework.security.authenticationManager" />
	<property name="securityMetadataSource">
	   <s:method-security-metadata-source>
		  <s:protect method="com.family168.springsecuritybook.ch220.MessageService.userMessage" access="ROLE_ADMIN" />
	   </s:method-security-metadata-source>
	</property>
</bean>

<bean id="accessDeniedInterceptor" class="com.family168.springsecuritybook.ch220.AccessDeniedInterceptor" />
    

实例见ch220。