문서의 이전 판입니다!
<global-method-security> <expression-handler ref="myMethodSecurityExpressionHandler"/> </global-method-security>
<!-- This must go before the http element in order to be used by security:authorize tags using the access attribute --> <bean id="expressionHandler" class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"> <property name="roleHierarchy" ref="roleHierarchy" /> <!-- 꼭 필요한지는 의문 --> </bean> <security:http auto-config="true" use-expressions="true" access-decision-manager-ref="accessDecisionManager"> ... </security:http> <!-- security:authorize tags using the url attribute will delegate to this accessDecisionManager --> <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased"> <property name="decisionVoters"> <list> <ref bean="webExpressionVoter" /> </list> </property> </bean> <bean id="webExpressionVoter" class="org.springframework.security.web.access.expression.WebExpressionVoter"> <property name="expressionHandler" ref="expressionHandler" /> </bean> <!-- 꼭 필요한지는 의문 --> <bean id="roleHierarchy" class="org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl"> <property name="hierarchy"> <value> ROLE_A > ROLE_B ROLE_B > ROLE_AUTHENTICATED ROLE_AUTHENTICATED > ROLE_UNAUTHENTICATED </value> </property> </bean>