How dow do I implement an AffirmativeBased object in Spring Security 4?

Question

How dow do I implement an AffirmativeBased object in Spring Security 4?

In Spring 3, the constructor looked like this:

public AffirmativeBased(List<AccessDecisionVoter> decisionVoters)

In Spring 4, the constructor adds a type:

public AffirmativeBased(List<AccessDecisionVoter<? extends Object>> decisionVoters)

Can someone help me understand what he is looking for?

+3

spring spring-security

end-user Jul 14 15 at 13:40

source to share

3 answers

bdetweiler · Answer 1 · 2016-08-22T17:17:39+0000

I ran into the following exception:

org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [java.util.List] found for dependency [Java.util.List>]: At least 1 expected bean that qualifies for outsourcing for this dependency. Dependency annotations: {}

I was able to fix this by changing the property to a constructor argument.

<beans xmlns="http://www.springframework.org/schema/beans" 
       xmlns:sec="http://www.springframework.org/schema/security" 
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/util
                           http://www.springframework.org/schema/util/spring-util.xsd">


    <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
        <constructor-arg>
            <util:list>
                <bean class="org.springframework.security.access.vote.RoleVoter">
                    <property name="rolePrefix" value="ROLE_" />
                </bean>
            </util:list>
        </constructor-arg>
    </bean>
</beans>

Leon li · Answer 2 · 2016-11-03T17:18:32+0000

Everything is good. If you are using spring boot / java config, just change your declaration (add type?) As shown below so the compiler doesn't complain. In any case, all type information will be removed.

List<AccessDecisionVoter<?>> voters = new ArrayList<>();

denov · Answer 3 · 2016-04-29T19:19:06+0000

read the source code .. have a look at GlobalMethodSecurityConfiguration

protected AccessDecisionManager accessDecisionManager() {
    List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList<AccessDecisionVoter<? extends Object>>();
    ExpressionBasedPreInvocationAdvice expressionAdvice = new ExpressionBasedPreInvocationAdvice();
    expressionAdvice.setExpressionHandler(getExpressionHandler());
    if (prePostEnabled()) {
        decisionVoters
                .add(new PreInvocationAuthorizationAdviceVoter(expressionAdvice));
    }
    if (jsr250Enabled()) {
        decisionVoters.add(new Jsr250Voter());
    }
    decisionVoters.add(new RoleVoter());
    decisionVoters.add(new AuthenticatedVoter());
    return new AffirmativeBased(decisionVoters);
}

How dow do I implement an AffirmativeBased object in Spring Security 4?

More articles: