I have a very similar spring-security beans configuration for this example . Annotation @Securedin controller methods only works correctly if it refers to a class method that does not subclass another class. In other words, this following code does not work (exception thrown during bean initialization):
@Controller
@RequestMapping("/systeminfo")
public class SystemInfoController extends AbstractViewableController {
@RequestMapping(method = RequestMethod.GET, value = "/")
@Secured("ROLE_USER")
public void view(HttpServletRequest request) {
}
}
Here is the exception:
org.springframework.beans.factory.BeanCreationException: Error creating bean wit
h name 'systemInfoController' defined in file [C:\workspace\my\my-webapp
\target\classes\my\webapp\controller\SystemInfoController.class]: Initializa
tion of bean failed; nested exception is org.springframework.aop.framework.AopCo
nfigException: Could not generate CGLIB subclass of class [class my.webapp.c
ontroller.SystemInfoController]: Common causes of this problem include using a f
inal class or a non-visible class; nested exception is net.sf.cglib.core.CodeGen
erationException: java.lang.RuntimeException-->RequestMapping annotation cannot
be found on my.webapp.controller.SystemInfoController$$EnhancerByCGLIB$$e99f
e366
So, I follow the instructions here and add proxy-target-class="true"in <global-method-security ...>(not sure if this is related), but the security aspect is still lost. However, if the superclass is removed, then security will be applied correctly, i.e. Go to the login page.
- , , ?