문서의 이전 판입니다!
<global-method-security> <expression-handler ref="myMethodSecurityExpressionHandler"/> </global-method-security>
<!-- This must go before the http element in order to be used by security:authorize tags using the access attribute --> <bean id="expressionHandler" class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"> <property name="roleHierarchy" ref="roleHierarchy" /> <!-- 꼭 필요한지는 의문 --> </bean> <security:http auto-config="true" use-expressions="true" access-decision-manager-ref="accessDecisionManager"> ... </security:http> <!-- security:authorize tags using the url attribute will delegate to this accessDecisionManager --> <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased"> <property name="decisionVoters"> <list> <ref bean="webExpressionVoter" /> </list> </property> </bean> <bean id="webExpressionVoter" class="org.springframework.security.web.access.expression.WebExpressionVoter"> <property name="expressionHandler" ref="expressionHandler" /> </bean> <!-- 꼭 필요한지는 의문 --> <bean id="roleHierarchy" class="org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl"> <property name="hierarchy"> <value> ROLE_A > ROLE_B ROLE_B > ROLE_AUTHENTICATED ROLE_AUTHENTICATED > ROLE_UNAUTHENTICATED </value> </property> </bean>
403 Forbidden
페이지가 뜬다.<access-denied-handler ref="accessDeniedHandler 빈"/> <!-- 혹은 에러 처리 주소 지정 --> <access-denied-handler error-page="/accessDenied.do" />