Java: Spring security 3 Gerarchia dei ruoli

Question

Sto usando il framework Spring mvc 3 + spring security 3. Vorrei abilitare la gerarchia dei ruoli nella mia sicurezza di primavera. Secondo http://static.springsource.org/spring-security/site/docs/3.1.x/reference/authz-arch.html dovrei scrivere

<bean id="roleVoter" class="org.springframework.security.access.vote.RoleHierarchyVoter"> 
    <constructor-arg ref="roleHierarchy" /> 
</bean> 
<bean id="roleHierarchy" 
    class="org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl"> 
<property name="hierarchy"> 
    ROLE_ADMIN > ROLE_STAFF 
    ROLE_STAFF > ROLE_USER 
    ROLE_USER > ROLE_GUEST 
</property> 
</bean> 

Ma dove dovrei metterla? Ho provato a mettere nel mio app-security.xml:

<beans:beans xmlns="http://www.springframework.org/schema/security" 
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-3.0.xsd"> 
    <http> 
     <intercept-url pattern="/entryPost/**" access="ROLE_USER" requires-channel="https"/> 
     <intercept-url pattern="/entryDelete/**" access="ROLE_ADMIN" requires-channel="https"/> 
     <intercept-url pattern="/commentDelete/**" access="ROLE_ADMIN" requires-channel="https"/> 
     <intercept-url pattern="/login" access="ROLE_ANONYMOUS" requires-channel="https"/> 
     <form-login login-page="/login" default-target-url="/entryList/1" authentication-failure-url="/login?error=true" /> 
     <logout logout-success-url="/login" /> 
     <session-management> 
      <concurrency-control max-sessions="1" /> 
     </session-management> 
     <access-denied-handler error-page="/accessDenied"/> 
    </http> 
    <authentication-manager> 
     <authentication-provider> 
      <jdbc-user-service data-source-ref="dataSource" 
      users-by-username-query="SELECT username,password,'true' as enabled FROM member WHERE username=?" 
      authorities-by-username-query="SELECT member.username,role FROM member,memberRole WHERE member.username=? AND member.id=memberRole.member_id"/> 
     </authentication-provider> 
    </authentication-manager> 
<bean id="roleVoter" class="org.springframework.security.access.vote.RoleHierarchyVoter"> 
    <constructor-arg ref="roleHierarchy" /> 
</bean> 
<bean id="roleHierarchy" class="org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl"> 
    <property name="hierarchy"> 
     ROLE_ADMIN > ROLE_STAFF 
     ROLE_STAFF > ROLE_USER 
     ROLE_USER > ROLE_GUEST 
    </property> 
</bean> 

Ma non funziona: HTTP Stato 404.

Quando ho messo in app-servlet.xml:

<?xml version="1.0" encoding="UTF-8"?> 
<beans xmlns="http://www.springframework.org/schema/beans" 
xmlns:mvc="http://www.springframework.org/schema/mvc" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns:context="http://www.springframework.org/schema/context" 
xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
    http://www.springframework.org/schema/context 
    http://www.springframework.org/schema/context/spring-context-3.0.xsd 
    http://www.springframework.org/schema/mvc 
    http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd"> 
    <context:component-scan base-package="rus.web"/> 
    <bean id="entryValidator" class="rus.domain.EntryValidator"/> 
    <bean id="commentValidator" class="rus.domain.CommentValidator"/> 
    <mvc:annotation-driven/> 
    <mvc:resources mapping="/resources/**" location="/resources/"/> 
    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> 
     <property name="prefix" value="/WEB-INF/jsp/"/> 
     <property name="suffix" value=".jsp"/> 
    </bean> 
    <bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource"> 
     <property name="basename" value="messages"/> 
    </bean> 
    <!--<bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver"> 
     <property name="defaultErrorView" value="error"/> 
    </bean> --> 

<bean id="roleVoter" class="org.springframework.security.access.vote.RoleHierarchyVoter"> 
    <constructor-arg ref="roleHierarchy" /> 
</bean> 
<bean id="roleHierarchy" class="org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl"> 
    <property name="hierarchy"> 
     ROLE_ADMIN > ROLE_STAFF 
     ROLE_STAFF > ROLE_USER 
     ROLE_USER > ROLE_GUEST 
    </property> 
</bean> 
</beans> 

getta eccezione:

org.springfram ework.beans.factory.xml.XmlBeanDefinitionStoreException: la riga 35 nel documento XML dalla risorsa ServletContext [/WEB-INF/rus-servlet.xml] non è valida; l'eccezione nidificata è org.xml.sax.SAXParseException: cvc-complex-type.2.3: l'elemento 'property' non può avere carattere [children], perché il tipo di contenuto del tipo è solo-elemento.

org.xml.sax.SAXParseException: cvc-complex-type.2.3: l'elemento 'proprietà' non può contenere caratteri [figli], poiché il tipo di contenuto del tipo è solo elemento.

Cosa devo fare per risolvere questo problema?

Answer 1

La documentazione è sbagliato, questo non è valido:

<property name="hierarchy"> 
    ROLE_ADMIN > ROLE_STAFF 
    ROLE_STAFF > ROLE_USER 
    ROLE_USER > ROLE_GUEST 
</property> 

È necessario avvolgere il contenuto all'interno <value>:

<property name="hierarchy"> 
    <value> 
     ROLE_ADMIN > ROLE_STAFF 
     ROLE_STAFF > ROLE_USER 
     ROLE_USER > ROLE_GUEST 
    </value> 
</property> 

suggerisco di deposito di una questione all'ordine del SpringSource JIRA, chiedendo loro di risolvere i documenti.