2015-06-26 148 views

I am using ... SpringBoot SpringSecurity ACL @PostFilter

springBootVersion = '1.2.4.RELEASE' 
springVersion = '4.1.6.RELEASE' 
springSecurityVersion = '4.0.0.M2' 


@Configuration 
@EnableGlobalMethodSecurity(prePostEnabled = true) 
@EnableWebMvcSecurity 
@Profile(ElmProfile.HAS_AUTHENTICATION) 
public class SecurityXXX extends WebSecurityConfigurerAdapter { 

} 

Application.java has the corresponding

@ComponentScan 

logging.level.org.springframework.security=TRACE 

Problem: there is some strange behavior...

There are many post filter annotations defined on the service interface, but the logs show that it detected the annotation on the service impl class instead!?

Although there are many such methods on the service interface, only one method is detected.

Yes, the service has the @Service annotation, as shown below:

@Validated 
public interface SiteService { 
    @PostFilter("hasPermission(filterObject, 'read')") 
    @NotNull 
    List<Site> getSitesWithBins(); 

    @PostFilter("hasPermission(filterObject, 'read')") 
    @NotNull 
    List<Site> getAllSitesRestricted(); 

    @PostFilter("hasPermission(filterObject, 'read')") 
    @NotNull 
    List<Site> getAllSites(); 

    @PostFilter("hasPermission(filterObject, 'read')") 
    @NotNull 
    List<Site> findSitesByMain(final boolean isMain); 

    @NotNull 
    List<Site> getSitesByTransferType(@Min(1) final Long siteId, @NotNull final TransferType.Code transferType); 

    @PostFilter("hasPermission(filterObject, 'read')") 
    Site getSite(@Min(1) final Long siteId); 
}

@Service 
@Transactional 
@RequiredArgsConstructor(onConstructor = @__(@Autowired)) 
public class SiteServiceImpl implements SiteService { 

     // implements all the service interface methods 
} 

The stack trace below shows that only one method was found, all the methods are not found, i.e. only the @PostFilter on the getSite() method is found.
2015-06-26 19:23:17.986 TRACE 13561 --- [   main] .PrePostAnnotationSecurityMetadataSource : Looking for Pre/Post annotations for method 'getSite' on target class 'class au.com.xxx.xxxx.inventory.main.service.SiteServiceImpl' 
2015-06-26 19:23:17.987 DEBUG 13561 --- [   main] .PrePostAnnotationSecurityMetadataSource : @org.springframework.security.access.prepost.PostFilter(value=hasPermission(filterObject, 'read')) found on specific method: public au.com.xxxx.xxxx.inventory.main.domain.Site au.com.xxxx.xxxx.inventory.main.service.SiteServiceImpl.getSite(java.lang.Long) 
2015-06-26 19:23:17.990 DEBUG 13561 --- [   main] m.DelegatingMethodSecurityMetadataSource : Caching method [CacheKey[au.com.xxxx.xxxx.inventory.main.service.SiteServiceImpl; public abstract au.com.xxxx.xxxx.inventory.main.domain.Site au.com.xxxx.xxxx.inventory.main.service.SiteService.getSite(java.lang.Long)]] with attributes [[authorize: 'permitAll', filter: 'null', filterTarget: 'null'], [authorize: 'null', filter: 'hasPermission(filterObject, 'read')']] 

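So the strange thing is that the other annotations on the service interface are ignored, and one particular method is recognized as having the annotation. Also, a strange thing according to the log statements above is that it found the @PostFilter on the service implementation class, but they are defined in the interface!!!!!! And I am sure there is no other interface/class with the same name on the classpath.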


Yes, the service has @Service on it – user2412398


Please see the edit above @user3518959 – user2412398

Answer


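Your stack trace is not clear. It would be helpful if you could post the complete log exactly. However, here is a quick solution: please check whether you have added the @Service annotation on your ServiceImpl class, and make sure your service package is configured in it. Remember that in Spring everything is a component, so they are denoted with the @Component annotation; @Service and @Repository are sub-annotations of @Component.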
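
How a guard annotation declared only on an interface method can end up reported against the implementing class, as in the question's log lines, shown with plain Java reflection. This is an added example, not code from the thread or from Spring Security; `Guard`, `findGuard` and the trimmed `SiteService` are hypothetical stand-ins, and the interface walk is an assumption about how such a lookup can work, not Spring's actual implementation.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class InterfaceAnnotationLookup {
    // Hypothetical stand-in for @PostFilter so the example needs no Spring jars.
    @Retention(RetentionPolicy.RUNTIME)
    @Target(ElementType.METHOD)
    @interface Guard { String value(); }

    interface SiteService {                       // trimmed, constructed sample
        @Guard("hasPermission(filterObject, 'read')")
        List<String> getAllSites();

        List<String> getSitesByTransferType(long siteId);   // deliberately unguarded
    }

    static class SiteServiceImpl implements SiteService {
        public List<String> getAllSites() { return Arrays.asList("site-a"); }
        public List<String> getSitesByTransferType(long siteId) { return Collections.emptyList(); }
    }

    // Start at the implementation method, then fall back to the same signature
    // on every interface of the class and its superclasses.
    // A null result means no guard would be attached to the call.
    static Guard findGuard(Class<?> targetClass, String name, Class<?>... params)
            throws NoSuchMethodException {
        Guard direct = targetClass.getMethod(name, params).getAnnotation(Guard.class);
        if (direct != null) return direct;
        for (Class<?> c = targetClass; c != null; c = c.getSuperclass()) {
            for (Class<?> iface : c.getInterfaces()) {
                try {
                    Guard g = iface.getMethod(name, params).getAnnotation(Guard.class);
                    if (g != null) return g;
                } catch (NoSuchMethodException ignored) { /* not declared on this interface */ }
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        Method impl = SiteServiceImpl.class.getMethod("getAllSites");
        // Method annotations are not inherited, so the direct read is null.
        System.out.println("direct on impl method: " + impl.getAnnotation(Guard.class));
        System.out.println("via interface walk:    " + findGuard(SiteServiceImpl.class, "getAllSites"));
        System.out.println("unguarded method:      " + findGuard(SiteServiceImpl.class, "getSitesByTransferType", long.class));
    }
}
```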