I am trying to convert a Spring Security 3 @Secured("admin") annotation into Spring Security 4 compatible fashion.

我正在尝试将 Spring Security 3 @Secured("admin") 注释转换为 Spring Security 4 兼容的方式。

This is my usersService.java

这是我的 usersService.java

@PreAuthorize("hasAuthority('admin')")
public List<User> getAllUsers() {
    return usersDao.getAllUsers();
}

Then in security-context.xmlI have:

然后在security-context.xml我有：

<security:intercept-url pattern="/admin" access="permitAll" />
...
<security:global-method-security pre-post-annotations="enabled" />

getAllUsers()is called by a LoginController.java

getAllUsers()被一个调用 LoginController.java

@RequestMapping("/admin")
public String showAdmin(Model model) {
    List<User> users = usersService.getAllUsers();

    model.addAttribute("users", users);

    return "admin";
}

In mySql database, there are two tables, users and authorities. authoritieshas 2 columns, username and authority. administratorhas authority admin.

在mySql数据库中，有两个表，用户和权限。authorities有 2 列，用户名和权限。administrator有权限admin。

Now if I trie to access /admin, I will be redirected to /login, but after I log in with administrator, I still get "access denied".

现在，如果我尝试访问/admin，我将被重定向到/login，但在使用 登录后administrator，我仍然收到“拒绝访问”。

I think I must have missed something very basic but as I am new to Spring, I could not figure it out. Any help would be appreciated. Thanks.

我想我一定错过了一些非常基本的东西，但由于我是 Spring 的新手，我无法弄清楚。任何帮助，将不胜感激。谢谢。

Update: I tried changing the annotation to @PreAuthorize("hasRole('ROLE_ADMIN')") and I also changed the "authority" column in mySql for admin from "admin" to "ROLE_ADMIN" but it still gives me 403. I did not have much faith on this because before this error, I had to change hasRole('admin')in securityContext.xmlto hasAuthority('admin').

更新：我尝试将注释更改为 @PreAuthorize("hasRole('ROLE_ADMIN')") 并且我还将 mySql 中用于 admin 的“authority”列从“admin”更改为“ROLE_ADMIN”，但它仍然给了我 403。我做到了没有这多少信心，因为这个错误之前，我不得不改变hasRole('admin')在securityContext.xml给hasAuthority('admin')。