堆栈内存溢出
  简体   繁体   English

如何为特定的URL启用Spring安全性

[英]How to enable spring security for particular url

 原文  2018-05-21 12:16:04       java/ spring/ spring-mvc/ spring-boot/ spring-security

问题描述

im using spring security and my config is 即时通讯使用春季安全,我的配置是 

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.
        authorizeRequests()
            .antMatchers("/**").permitAll()
            .antMatchers("/admin/**").hasAuthority("ADMIN").anyRequest().authenticated()
            .and().csrf().disable().formLogin().loginPage("/adminlogin").failureUrl("/adminlogin?error=true")
            .defaultSuccessUrl("/admin/dashboard")
            .usernameParameter("email")
            .passwordParameter("password")
            .and().logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/adminlogin?logout=true").and().exceptionHandling()
            .accessDeniedPage("/accessdenied");
}

now what i am trying to achieve that all links are accessible without any security but link start with /admin/** only allow to user with role "admin". 现在,我正在尝试实现所有链接都可以访问而没有任何安全性,但是以/ admin / **开头的链接仅允许角色为“ admin”的用户使用。

but rite now it allow /admin/** to everyone. 但现在,它允许所有人使用/ admin / **。

any suggestions. 有什么建议么。

i have tried many solutions from stackoverflow ie How to fix role in Spring Security? 我已经尝试过stackoverflow的许多解决方案,即如何修复Spring Security中的角色? but no luck. 但没有运气。 the behavior remains same,it allows even /admin/ urls to use publicly. 行为保持不变,它甚至允许/ admin / url公开使用。

2 个解决方案

解决方案1
 0  2018-05-21 12:18:58

Why not try role? 为什么不尝试角色? 

@Configuration
@EnableWebSecurity
public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
          .authorizeRequests()
          .antMatchers("/admin/**").hasRole("ADMIN");
    }
   }

ref : http://www.baeldung.com/spring-security-expressions-basic 参考: http : //www.baeldung.com/spring-security-expressions-basic

解决方案2
 0 已采纳  2018-05-24 10:39:02

http
    .csrf().disable()      
    .httpBasic().and()
    .authorizeRequests()
        .antMatchers("/admin/**").hasAuthority("ADMIN")
        .antMatchers("/**").permitAll()
        .anyRequest().authenticated()
        .and()
    .formLogin()
    .loginPage("/adminLogin").failureUrl("/adminLogin?error=true")
    .defaultSuccessUrl("/admin/dashboard")
    .usernameParameter("email")
    .passwordParameter("password")
    .and().logout()
    .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
    .logoutSuccessUrl("/adminLogin?logout=true").and().exceptionHandling()
    .accessDeniedPage("/accessdenied");

works perfectly for me. 非常适合我。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何禁用特定 url 的 spring 安全 - How to disable spring security for particular url 如何启用Spring安全性? - How to enable Spring security? 根据客户端 URL 启用 Spring Security 身份验证 - Enable Spring Security authentication depending on client URL 如何在 Spring Boot Security 中启用或禁用用户 - How to enable or disable user in Spring Boot Security 使用Spring Security,我如何使用HTTP方法(例如GET,PUT,POST)来确定特定URL模式的安全性? - Using Spring Security, how can I use HTTP methods (e.g. GET, PUT, POST) to distingush security for particular URL patterns? 如何在URL上实现Spring Security - How to implement spring security on the url 如何在Spring Security中为选择性的HTTP模式启用内容安全策略 - How to enable content security policy to selective http patterns in spring security Spring Security - 如何启用Method Security注释? - Spring Security - how I can enable Method Security annotations? 如何使用Spring MVC和Spring Security为资源处理程序启用HTTP缓存 - How to enable HTTP caching for the resource handler with Spring MVC and Spring Security 如何使用Spring Security保护自定义URL - How to protect custom url with spring security
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM