Spring Security-动态禁用安全性
[英]Spring Security - disable security dynamically
问题描述
How can I disable Spring Security dynamically? 
如何动态禁用Spring Security? With the code below, my application requires authentication to access some pages, but I'd like to enable / disable that using property files. 使用下面的代码,我的应用程序需要身份验证才能访问某些页面,但是我想使用属性文件来启用/禁用该页面。 Any suggestions? 有什么建议么?
- Spring Security 4 春季安全4
I know about setting the security attribute to false in the http tag but that requires recompiling code, which is not sufficient for me.
我知道将http标记中的security属性设置为false,但这需要重新编译代码,这对我来说还不够。 <sec:http> <sec:intercept-url pattern="/services/**" access="hasRole('ROLE_USER')"/> <sec:intercept-url pattern="/app/**" access="hasRole('ROLE_ADMIN')"/> <sec:intercept-url pattern="/**" access="isAuthenticated()" /> <sec:http-basic /> <sec:csrf disabled="true" /> </sec:http>
Thanks in advance. 提前致谢。
1 个解决方案
解决方案1
1 2015-07-06 14:33:12
Assuming you have the user and roles being fetched from data base table.Customize some property file so when the server starts up it appropriately updates the db with required roles and the user gets the roles as required.So you can by pass the already existing security.(not exactly by passing but granting the roles based on property file) 假设您有从数据库表中获取的用户和角色,请自定义一些属性文件,以便在服务器启动时适当地更新具有所需角色的数据库,然后用户根据需要获取角色,因此可以通过已经存在的安全性(不是完全通过传递,而是基于属性文件授予角色)
Note : you have to write a one time util class to parse the property file and update db which should happen on server start up. 注意:您必须编写一个一次性util类来解析属性文件并更新服务器启动时应发生的db。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.