我正在使用 Spring 安全性,但我不太了解 intercept-url 的工作原理。这是我的 spring 安全配置文件:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/jdbc
http://www.springframework.org/schema/jdbc/spring-jdbc-3.2.xsd">
<!-- configuration des urls -->
<security:http auto-config="true">
<security:intercept-url pattern="/*" access="ROLE_USER" />
<security:form-login/>
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="authenticationProvider" />
</security:authentication-manager>
<bean id="authenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService" />
</bean>
<bean id="userDetailsService"
class="com.nexthome.app.security.UserDetailsServiceImpl" />
</beans>
使用此配置,我无法在未经身份验证的情况下访问。因此,当访问 url http://localhost:8080/nexthome
时,会显示一个 spring 登录表单 (http://localhost:8080/nexthome/spring_security_login
)。
但是当我将 to 更改为 .我无需登录即可访问 http://localhost:8080/nexthome/user/login
。
我的目标是保护一些 url :
http://localhost:8080/nexthome all people must access
http://localhost:8080/nexthome/login all people must access ( how to display spring login form when trying to access the url?)
http://localhost:8080/nexthome/logout access to ROLE_USER and ROLE_ADMIN
谢谢你的帮助
最佳答案
security:intercept-url
标签上的 pattern 属性使用 Ant paths .在这种语法下,.
除了文字 .
之外没有任何意义。因此,该模式很可能无法被 Spring 安全性识别并被忽略。
如果你想要求对 /nexthome/logout
url 进行身份验证而不是 /nexthome/login
和 /nexthome
你可以使用以下配置:
<security:http auto-config="true">
<intercept-url pattern="/nexthome" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/nexthome/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/nexthome/logout" access="ROLE_USER,ROLE_ADMIN" />
<security:form-login/>
</security:http>
关于java - 如何使用拦截 url 模式和访问?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20913936/