我覆盖了GlobalMethodSecurityConfiguration类，但是只覆盖了一种方法:protected MethodSecurityExpressionHandler createExpressionHandler()。

当我尝试运行该应用程序时，我得到:



配置类

当我不重写该基本方法时，为什么要这样做？如何在不出现此错误的情况下覆盖MethodSecurityExpressionHandler？

import com.testing.AadMethodSecurityExpressionHandler;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class MyMethodSecurityConfig extends GlobalMethodSecurityConfiguration
{
    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler()
    {
        return new MyMethodSecurityExpressionHandler();
    }
}

import org.aopalliance.intercept.MethodInvocation;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.MethodSecurityExpressionOperations;
import org.springframework.security.core.Authentication;

public class MyMethodSecurityExpressionHandler extends DefaultMethodSecurityExpressionHandler
{
    @Override
    protected MethodSecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication, MethodInvocation invocation)
    {
        MyMethodSecurityExpressionRoot root = new MyMethodSecurityExpressionRoot( authentication );
        root.setPermissionEvaluator( getPermissionEvaluator() );
        root.setTrustResolver( getTrustResolver() );
        root.setRoleHierarchy( getRoleHierarchy() );

        return root;
    }
}

import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.access.expression.method.MethodSecurityExpressionOperations;
import org.springframework.security.core.Authentication;

public class MyMethodSecurityExpressionRoot extends SecurityExpressionRoot implements MethodSecurityExpressionOperations
{
    private Object filterObject;
    private Object returnObject;
    private Object target;

    public MyMethodSecurityExpressionRoot(Authentication a)
    {
        super( a );
    }

    @Override
    public void setDefaultRolePrefix(String defaultRolePrefix)
    {
        //Simple test to see if this works
        super.setDefaultRolePrefix( "" );
    }

    public void setFilterObject(Object filterObject)
    {
        this.filterObject = filterObject;
    }

    public Object getFilterObject()
    {
        return filterObject;
    }

    public void setReturnObject(Object returnObject)
    {
        this.returnObject = returnObject;
    }

    public Object getReturnObject()
    {
        return returnObject;
    }

    void setThis(Object target)
    {
        this.target = target;
    }

    public Object getThis()
    {
        return target;
    }
}

对于任何为我遇到此问题的人，解决方案是删除在已设置的WebSecurityConfigurer上配置的重复@EnableGlobalMethodSecurity批注。