JWorld@TW the best professional Java site in Taiwan
      註冊 | 登入 | 全文檢索 | 排行榜  

» JWorld@TW » Java Application Framework » Spring  

按列印兼容模式列印這個話題 列印話題    把這個話題寄給朋友 寄給朋友    訂閱主題
reply to topicthreaded modego to previous topicgo to next topic
己加入精華區
by koji at 2007-12-14 09:34
本主題所含的標籤
無標籤
作者 spring security with metadata [精華]
uxa





發文: 489
積分: 6
於 2007-12-06 18:31 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
小弟目前在試書上的範例時又出現一些問題了...
如果是用spring aspect方式的設定時對method的安全性是ok的
可是當要換成用metadata時,它卻沒有安全性的檢查
spring中的部份設定如下
1
2
3
4
5
6
7
8
9
10
11
12
13
  <!--定義metadata implementation,告知Spring如何讀取 -->
  <bean id="attributes" class="org.springframework.metadata.commons.CommonsAttributes"></bean>
  
  <!-- an object definition source that retrieves its security attributes from the secured object's metadata -->
  <bean id="objectDefinitionSource" class="org.acegisecurity.intercept.method.MethodDefinitionAttributes">
    <property name="attributes" ref="attributes"></property>
  </bean>
  
  <bean id="securityInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManger"></property>
    <property name="accessDecisionManager" ref="accessDecisionManager"></property>
    <property name="objectDefinitionSource" ref="objectDefinitionSource"></property>
  </bean>


需要安全性控制的method code如下
1
2
3
4
5
6
  /**
   *  @@org.acegisecurity.SecurityConfig("ROLE_OPS")
   */
  public void test() {
    System.out.println("execute sueciruty source");
  }


小弟測試後發現不論我登入者的權限設定是什麼它都能執行到這個method
但如果是用aspect的話登入者的權限不符時它會幫我導到失敗的頁面...
請教一下有人試過使用metadata的方式成功的嗎??


reply to postreply to post
☆只要努力就有希望☆
作者 Re:spring security with metadata [Re:uxa]
koji

秒速5センチメートル

站長

發文: 8415
積分: 19
於 2007-12-08 14:51 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
你的MethodDefinitionSourceAdvisor設定有設好嗎?

http://www.acegisecurity.org/acegi-security/apidocs/org/acegisecurity/intercept/method/aopalliance/MethodDefinitionSourceAdvisor.html

koji


reply to postreply to post
JCConf Taiwan 2015 開始售票了!!
Facebook上的TWJUG社團,歡迎加入
作者 Re:spring security with metadata [Re:uxa]
uxa





發文: 489
積分: 6
於 2007-12-11 14:31 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
書上沒提到說要設定這個說....>"<
奇怪了...我是看Spring in action第二版說....
真懷疑它給的範例可以動...= =


reply to postreply to post
☆只要努力就有希望☆
作者 Re:spring security with metadata [Re:uxa]
koji

秒速5センチメートル

站長

發文: 8415
積分: 19
於 2007-12-11 14:32 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
我記得官方的spring文件好像有設定
看一下設看看能不能使用

koji


reply to postreply to post
JCConf Taiwan 2015 開始售票了!!
Facebook上的TWJUG社團,歡迎加入
作者 Re:spring security with metadata [Re:uxa]
uxa





發文: 489
積分: 6
於 2007-12-11 19:34 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
大大~~~官網上的我沒看到你說的這個設定a
只看它設了
org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor
org.springframework.metadata.commons.CommonsAttributes
org.acegisecurity.intercept.method.MethodDefinitionAttributes
跟在java file中用@@SecurityConfig的註解...
沒看到MethodDefinitionSourceAdvisor的說^^"
我是看這個http://acegisecurity.org/guide/springsecurity.html


reply to postreply to post
☆只要努力就有希望☆
作者 Re:spring security with metadata [Re:uxa]
koji

秒速5センチメートル

站長

發文: 8415
積分: 19
於 2007-12-11 20:12 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
oh 那好像是另外一個
如果不用autoProxyCreator才需要
那你有autoProxyCreator設定好嗎?

http://www.acegisecurity.org/guide/springsecurity.html

1
2
3
4
5
6
7
8
9
<bean id="autoProxyCreator" class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
  <property name="interceptorNames">
    <list><value>methodSecurityInterceptor</value></list>
  </property>
  <property name="beanNames">
    <list><value>targetObjectName</value></list>
  </property>
  <property name="proxyTargetClass" value="true"/>
</bean>   


koji


reply to postreply to post
JCConf Taiwan 2015 開始售票了!!
Facebook上的TWJUG社團,歡迎加入
作者 Re:spring security with metadata [Re:uxa]
uxa





發文: 489
積分: 6
於 2007-12-12 09:55 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
加了org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator結果還是一樣說....用其他權限的使用者登入還是能存取到該method...

把spring的log給打開看到這個...Dead
1
10:18:13,453  WARN [org.acegisecurity.intercept.AbstractSecurityInterceptor.afterPropertiesSet:225]- Could not validate configuration attributes as the MethodDefinitionSource did not return a ConfigAttributeDefinition Iterator


我猜是不是這個設定它回傳的型別不同所導致的
1
2
3
4
  <bean id="objectDefinitionSource"
    class="org.acegisecurity.intercept.method.MethodDefinitionAttributes">
    <property name="attributes" ref="attributes"></property>
  </bean>


uxa edited on 2007-12-12 10:35
reply to postreply to post
☆只要努力就有希望☆
作者 Re:spring security with metadata [Re:uxa]
koji

秒速5センチメートル

站長

發文: 8415
積分: 19
於 2007-12-12 11:22 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
http://forum.springframework.org/showthread.php?t=22301

看了一下這個
你把
1
2
3
public void test() {
    System.out.println("execute sueciruty source");
}

的test設定個interface method然後權限對應到那個interface看看?

如果可以, 另外有沒有加BeanNameAutoProxyCreator有沒有差?

koji


reply to postreply to post
JCConf Taiwan 2015 開始售票了!!
Facebook上的TWJUG社團,歡迎加入
作者 Re:spring security with metadata [Re:uxa]
uxa





發文: 489
積分: 6
於 2007-12-12 12:18 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
找到原因為~~~是少加了這個

1
2
3
4
5
  <bean
    class="org.acegisecurity.intercept.method.aopalliance.MethodDefinitionSourceAdvisor">
    <constructor-arg index="0" ref="securityInterceptor">
    </constructor-arg>
  </bean>


感謝koji熱情的幫忙


reply to postreply to post
☆只要努力就有希望☆
作者 Re:spring security with metadata [Re:uxa]
koji

秒速5センチメートル

站長

發文: 8415
積分: 19
於 2007-12-12 12:22 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
哈..要感謝的話就..
寫個簡單的範例分享給大家吧XD
不然依照我google結果,網路上都只有部分的設定
而沒完整的內容勒

koji


reply to postreply to post
JCConf Taiwan 2015 開始售票了!!
Facebook上的TWJUG社團,歡迎加入
作者 Re:spring security with metadata [Re:uxa]
uxa





發文: 489
積分: 6
於 2007-12-12 16:36 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
見鬼了....早上試的時候可以現在想要寫個範例卻不行了.....== ""
等我整理出正確的作法再回頭分享了~~


reply to postreply to post
☆只要努力就有希望☆
作者 Re:spring security with metadata [Re:uxa]
uxa





發文: 489
積分: 6
於 2007-12-13 13:22 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
應koji大的要求,小弟試著去寫了一個簡單的範例出來

先從web.xml裡的設定開始吧
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
  http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
 
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
      /WEB-INF/classes/applicationContext.xml
    </param-value>
  </context-param>
 
  <servlet>
    <servlet-name>securitySourceServlet</servlet-name>
    <servlet-class>com.king.SecuritySourceServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>securitySourceServlet</servlet-name>
    <url-pattern>/securitySourceServlet</url-pattern>
  </servlet-mapping>
 
  <filter>
    <filter-name>Spring Security Filter Chain Proxy</filter-name>
    <filter-class>
      org.acegisecurity.util.FilterToBeanProxy
    </filter-class>
    <init-param>
      <param-name>targetClass</param-name>
      <param-value>
        org.acegisecurity.util.FilterChainProxy
      </param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>Spring Security Filter Chain Proxy</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <listener>
    <listener-class>
      org.springframework.web.context.ContextLoaderListener
    </listener-class>
  </listener>

  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
</web-app>


利用FilterChainProxy來達到security
SecuritySourceServlet是小弟用來示範method invocations securing的進入點,來看一下它的內容吧
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
package com.king;
 
import java.io.IOException;
 
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
 
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
 
public class SecuritySourceServlet extends HttpServlet {
 
  @Override
  protected void doGet(HttpServletRequest request,
      HttpServletResponse response) throws ServletException, IOException {
    // TODO Auto-generated method stub
    this.doPost(request, response);
  }
 
  @Override
  protected void doPost(HttpServletRequest request,
      HttpServletResponse response) throws ServletException, IOException {
    // TODO Auto-generated method stub
    ApplicationContext ctx = WebApplicationContextUtils
        .getWebApplicationContext(this.getServletContext());
    SecuritySource source = (SecuritySource)ctx.getBean("securitySource");
    source.securityMethod();
  }
 
}
 

只是簡單的取用Spring中的定義好的bean,而這個bean中的method就是小弟要security的對像
及其interface如下
1
2
3
4
5
6
7
8
9
10
11
12
13
14
package com.king;
 
import org.acegisecurity.annotation.Secured;
import org.acegisecurity.SecurityConfig;
 
public interface SecuritySource {
 
  /**
   * @@SecurityConfig("ROLE_ADMIN")
   */
  @Secured({"ROLE_ADMIN"})
  public void securityMethod();
}
 

@@SecurityConfig("ROLE_ADMIN"),這是利用Commons Attributes的設定
@Secured({"ROLE_ADMIN"})這是利用1.5的Annotation設定

實作部份
1
2
3
4
5
6
7
8
9
10
11
12
13
14
package com.king;
 
public class SecuritySourceImpl implements SecuritySource {
 
  /* Refer to Interface
   * @see com.king.SecuritySource#securityMethod()
   */
  public void securityMethod() {
    // TODO Auto-generated method stub
    System.out.println("execute security source");
  }
 
}
 

它只是在console上打印出字串,當使用者的權限允許時可存取
接下來進入重點啦,就是Spring中的設定
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
<?xml version="1.0" encoding="UTF-8"?>
 
<beans xmlns="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
                  http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
 
  <!-- declare Authentication -->
  <bean id="authenticationDao"
    class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
    <property name="userMap">
      <value>
        king=welcome,ROLE_ADMIN 
        guest=welcome,ROLE_GUEST
      </value>
    </property>
  </bean>
 
  <bean id="daoAuthenticationProvider"
    class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
    <property name="userDetailsService" ref="authenticationDao"></property>
  </bean>
 
  <bean id="authenticationManager"
    class="org.acegisecurity.providers.ProviderManager">
    <property name="providers">
      <list>
        <ref bean="daoAuthenticationProvider" />
      </list>
    </property>
  </bean>
 
  <!-- declare Authorization -->
  <bean id="accessDecisionManager"
    class="org.acegisecurity.vote.UnanimousBased">
    <property name="decisionVoters">
      <list>
        <bean class="org.acegisecurity.vote.RoleVoter"></bean>
      </list>
    </property>
  </bean>
 
  <!-- declare Filter Chain Proxy -->
  <bean id="filterChainProxy"
    class="org.acegisecurity.util.FilterChainProxy">
    <property name="filterInvocationDefinitionSource">
      <value>
        CONVERT_URL_LOWERCASE_BEFORE_COMPARISON
        PATTERN_TYPE_APACHE_ANT
        /**=authenticationProcessFilter,exceptionTranslationFilter,filterSecurityInterceptor
      </value>
    </property>
  </bean>

  <bean id="authenticationEntryPoint"
    class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
    <property name="realmName" value="Security Sample"></property>
  </bean>

  <bean id="authenticationProcessFilter"
    class="org.acegisecurity.ui.basicauth.BasicProcessingFilter">
    <property name="authenticationManager"
      ref="authenticationManager">
    </property>
    <property name="authenticationEntryPoint"
      ref="authenticationEntryPoint">
    </property>
  </bean>

  <bean id="exceptionTranslationFilter"
    class="org.acegisecurity.ui.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint"
      ref="authenticationEntryPoint">
    </property>
    <property name="accessDeniedHandler">
      <bean
        class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
        <property name="errorPage" value="/error.html"></property>
      </bean>
    </property>
  </bean>

  <bean id="filterSecurityInterceptor"
    class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager"
      ref="authenticationManager">
    </property>
    <property name="accessDecisionManager"
      ref="accessDecisionManager">
    </property>
    <property name="objectDefinitionSource">
      <value>
        CONVER_URL_TO_LOWERCASE_BEFORE_COMPARISON
        PATTERN_TYPE_APACHE_ANT 
        /securityPage.html=ROLE_ADMIN
      </value>
    </property>
  </bean>

  <!-- declare method security -->
  <bean id="securitySource" class="com.king.SecuritySourceImpl"></bean>

  <bean id="methodSecurityInterceptor"
    class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager"></property>
    <property name="accessDecisionManager" ref="accessDecisionManager"></property>
    <property name="objectDefinitionSource">
      <!-- 利用Spring提供的定義方式,小弟覺得如果當要控管的method或是class過多時這方法似乎不是太方便
      <value>
        com.king.SecuritySource.securityMethod=ROLE_ADMIN
      </value>
       -->
       <bean class="org.acegisecurity.intercept.method.MethodDefinitionAttributes">
         <property name="attributes">
           <!--  利用1.5Annotation的設定方式
           <bean class="org.acegisecurity.annotation.SecurityAnnotationAttributes"></bean>
           -->
           <!-- 利用Commons Attributes的設定方式,這部份小弟怎麼試就是不會work -->
            <bean class="org.springframework.metadata.commons.CommonsAttributes"></bean>
         </property>
       </bean>
    </property>
  </bean>

  <bean id="autoProxyCreator"
    class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
    <property name="interceptorNames">
      <list>
        <value>methodSecurityInterceptor</value>
      </list>
    </property>
    <property name="beanNames">
      <list>
        <value>securitySource</value>
      </list>
    </property>
    <property name="proxyTargetClass" value="true"></property>
  </bean>
</beans>


以上就是整個範例的source code及設定啦
Commons Attributes的部份似乎不管我怎麼改都不會work,目前還搞不懂是怎麼一回事,如果有人試出來的話麻煩要告知一下大家^^
另外找到這篇http://forum.springframework.org/showthread.php?t=43638也是跟小弟遇上一樣的問題,不過也沒人回應>"<,從google上面也很難找到有人po出這部份的範例


reply to postreply to post
☆只要努力就有希望☆
作者 Re:spring security with metadata [Re:uxa]
koji

秒速5センチメートル

站長

發文: 8415
積分: 19
於 2007-12-13 23:13 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
我想不要嘗試好了
http://commons.apache.org/attributes/compiler.html
加上說明
http://static.springframework.org/spring/docs/2.0.x/api/org/springframework/metadata/commons/CommonsAttributes.html
你必須在compile time做些手腳,才有辦法把這個資訊放在裡面
所以...用annotation吧簡單多了

koji


reply to postreply to post
JCConf Taiwan 2015 開始售票了!!
Facebook上的TWJUG社團,歡迎加入
作者 Re:spring security with metadata [Re:uxa]
uxa





發文: 489
積分: 6
於 2007-12-14 09:31 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
原來還要動手腳才行呀...書上竟然沒提到這個..
害我試了老半天想說怎麼只有這個不會動...
感謝Koji


reply to postreply to post
☆只要努力就有希望☆
作者 Re:spring security with metadata [Re:uxa]
piaoyi

Go surfing



發文: 93
積分: 3
於 2007-12-31 11:37 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
想請問,
您在文中提到少了MethodDefinitionSourceAdvisor,但最後貼出來的結果並沒有使用MethodDefinitionSourceAdvisor,而是用BeanNameAutoProxyCreator,但 BeanNameAutoProxyCreator 有一個參數叫 beanNames ,這是不是代表著所有要做secure檢查的bean都要在這裡註冊??
如果每次要檢查的 bean ,除了在 method 上有宣告外,結果還要在 beanNames 這註冊才能被檢查,不是會很不方便嗎??

請問有方法可以不用註冊 bean 這個方式,就會檢查的設定嗎?是不是就是用MethodDefinitionSourceAdvisor??


reply to postreply to post
Piaoyi's blog
http://www.javaworld.com.tw/roller/piaoyi/

Money, where are u @@
作者 Re:spring security with metadata [Re:uxa]
koji

秒速5センチメートル

站長

發文: 8415
積分: 19
於 2007-12-31 12:35 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
beanNames應該可以套pattern
1
2
3
4
5
<property name="beanNames">
      <list>
        <value>*Source</value>
      </list>
</property>


依照文件說法應該可以
MethodDefinitionSourceAdvisor搭配DefaultAdvisorAutoProxyCreator
1
2
3
4
5
6
7
<bean id="methodSecurityAdvisor"
class="org.acegisecurity.intercept.method.aopalliance.MethodDefinitionSourceAdvisor">
  <constructor-arg ref="methodSecurityInterceptor"/>
 
</bean>
<bean id="autoProxyCreator" 
           class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator"/> 

但是我沒try過Tongue

http://forum.springframework.org/showthread.php?t=32672
簡單一點的話參考這個看看?
1
2
3
4
<aop:config>
        <aop:pointcut id="fooServiceMethods" expression="execution(* com.acula.dao.hibernate.*.*(..))"/>
        <aop:advisor advice-ref="methodSecurityInterceptor" pointcut-ref="fooServiceMethods"/>        
</aop:config>


koji


reply to postreply to post
JCConf Taiwan 2015 開始售票了!!
Facebook上的TWJUG社團,歡迎加入
作者 Re:spring security with metadata [Re:koji]
piaoyi

Go surfing



發文: 93
積分: 3
於 2007-12-31 15:19 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
列出我實際測試的結果:

beanNames套pattern,
1
2
3
4
5
<property name="beanNames">
      <list>
        <value>*Source</value>
      </list>
</property>


可以用,但是奇怪的是,只限是無引數建構子的bean。
覺的奇怪的是,
這個 beanName 是我們實際在 spring config 內的某個 bean id,
但如果這個 bean 的 constructor 必須要有參數時,這裡就會死掉,
可是我們的 bean 明明在別的地方宣告了,而且是有傳建構參數進去給他建構的,
而這裡只是要給 bean id,而不是 bean class,
但就是會收到以下的錯誤
1
2
3
4
5
6
7
8
9
10
11
javax.faces.el.EvaluationException: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'pathPhraseBean' defined in ServletContext resource [/WEB-INF/backingBean-basic.xml]: Initialization of bean failed; nested exception is org.springframework.aop.framework.AopConfigException: Couldn't generate CGLIB subclass of class [class com.inqgen.iqlis.basic.phrase.jsf.PathPhraseBean]: Common causes of this problem include using a final class or a non-visible class; nested exception is java.lang.IllegalArgumentException: Superclass has no null constructors but no arguments were given
  at com.sun.faces.el.ValueBindingImpl.getValue(ValueBindingImpl.java:190)
  at com.sun.faces.el.ValueBindingImpl.getValue(ValueBindingImpl.java:143)
  at javax.faces.component.UIOutput.getValue(UIOutput.java:167)
  at com.sun.faces.renderkit.html_basic.HtmlBasicInputRenderer.getValue(HtmlBasicInputRenderer.java:102)
  at com.sun.faces.renderkit.html_basic.HtmlBasicRenderer.getCurrentValue(HtmlBasicRenderer.java:221)
  at com.sun.faces.renderkit.html_basic.HtmlBasicRenderer.encodeEnd(HtmlBasicRenderer.java:199)
  at javax.faces.component.UIComponentBase.encodeEnd(UIComponentBase.java:740)
  at javax.faces.webapp.UIComponentTag.encodeEnd(UIComponentTag.java:645)
  at javax.faces.webapp.UIComponentTag.doEndTag(UIComponentTag.java:568)
 


======================
使用MethodDefinitionSourceAdvisor搭配DefaultAdvisorAutoProxyCreator
,不知為何會有以下錯誤
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
javax.faces.el.PropertyNotFoundException: Error getting property 'nameSorter' from bean of type $Proxy80
  at com.sun.faces.el.PropertyResolverImpl.getValue(PropertyResolverImpl.java:127)
  at com.sun.faces.el.impl.ArraySuffix.evaluate(ArraySuffix.java:187)
  at com.sun.faces.el.impl.ComplexValue.evaluate(ComplexValue.java:171)
  at com.sun.faces.el.MixedELValueBinding.getValue(MixedELValueBinding.java:100)
  at javax.faces.component.UICommand.getValue(UICommand.java:211)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:585)
  at javax.faces.component.UIComponentBase$AttributesMap.get(UIComponentBase.java:1381)
  at org.ajax4jsf.renderkit.AjaxCommandRendererBase.getValue(AjaxCommandRendererBase.java:82)
  at org.ajax4jsf.renderkit.html.CommandLinkRenderer.doEncodeBegin(CommandLinkRenderer.java:132)
  at org.ajax4jsf.renderkit.html.CommandLinkRenderer.doEncodeBegin(CommandLinkRenderer.java:88)
  at org.ajax4jsf.renderkit.RendererBase.encodeBegin(RendererBase.java:101)
  at javax.faces.component.UIComponentBase.encodeBegin(UIComponentBase.java:703)
  at org.apache.myfaces.shared_tomahawk.renderkit.RendererUtils.renderChild(RendererUtils.java:412)


======================
而使用底下方式,則不管使用者為何,都不會檢查權限,全都可以操作。
1
2
3
4
<aop:config>
        <aop:pointcut id="fooServiceMethods" expression="execution(* com.inqgen.*.*(..))"/>
        <aop:advisor advice-ref="methodSecurityInterceptor" pointcut-ref="fooServiceMethods"/>        
</aop:config>


有點無力的感覺@@
持續努力中.....


reply to postreply to post
Piaoyi's blog
http://www.javaworld.com.tw/roller/piaoyi/

Money, where are u @@
作者 Re:spring security with metadata [Re:uxa]
koji

秒速5センチメートル

站長

發文: 8415
積分: 19
於 2008-01-01 17:44 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
1.CGLIB proxies cannot be used with constructor-arguments. 用aop autoProxyCreator好像就會自動用cglib, 所以沒辦法.

2.我測過了沒問題

3.我測過了沒問題

2和3都可以,建議你先套到簡單的sample web app去跑
不要一開始就套到很多設定的webapp
不然你要找錯很難

koji


reply to postreply to post
JCConf Taiwan 2015 開始售票了!!
Facebook上的TWJUG社團,歡迎加入
作者 Re:spring security with metadata [Re:koji]
piaoyi

Go surfing



發文: 93
積分: 3
於 2008-01-02 15:29 user profilesend a private message to userreply to postreply to postsearch all posts byselect and copy to clipboard. 
ie only, sorry for netscape users:-)add this post to my favorite list
感謝 koji 大大Smile

我重新建一個單純的web app,第2,和3可以用了,也找到3為何當初沒有檢查,
因為
execution(* com.inqgen.*.*(..)) 這個,最後一個星號代表 method, 最後第二個星號代表class name,所以就只會檢查com.inqgen.xxxClass.xxxMethod,而我以為是會檢查所有以 com.inqgen 這個 package 開頭的classTongue

經測試,如果要是 com.inqgen 底下所有不管幾層的都要檢查,則設法為
execution(* com.inqgen..*.*(..)),用連續二個 dot 來代表多層 package,就會檢查,真不知這個語法該在哪查@@?

套用回我目前正開發的專案,第2和3種設法還是有一樣的錯誤Sad,正在找為何有錯,目前假設是同事使用的 myfaces 的影響,持續努力驗證中....


reply to postreply to post
Piaoyi's blog
http://www.javaworld.com.tw/roller/piaoyi/

Money, where are u @@
» JWorld@TW »  Java Application Framework » Spring

reply to topicthreaded modego to previous topicgo to next topic
  已讀文章
  新的文章
  被刪除的文章
Jump to the top of page

JWorld@TW 本站商標資訊

Powered by Powerful JuteForum® Version Jute 1.5.8