如何在 Spring-boot 中成功登录后限制 POST Rest Api 进行公共访问
[英]How to restrict POST Rest Api for public access after successful login in Spring-boot
问题描述
I am a new in JAVA/Springboot, I want to restrict POST rest api to access publicly.
我是 JAVA/Springboot 新手,我想限制 POST rest api 公开访问。
Once user login successfully, the API is currently accessible publicly and able to add update data.用户登录成功后,该 API 当前可公开访问并能够添加更新数据。 I want to restrict it and only accessible privately.My aim is to restrict unauthorised user to add or update data publicly and it should be privatly accessible.我想限制它并且只能私下访问。我的目标是限制未经授权的用户公开添加或更新数据,并且应该可以私下访问。
Thank You...谢谢你...
1 个解决方案
解决方案1
1 2020-04-01 12:20:55
You can make use of preAuthorize您可以使用 preAuthorize
@PreAuthorize("hasAnyRole('MY_ROLE_TO_CHECK')")
preAuthorize also allow you expressions with Spring EL. preAuthorize 还允许您使用 Spring EL 进行表达式。
if you just want to check, if the user is logged in, then it could be如果您只想检查用户是否已登录,则可能是
@PreAuthorize("isAuthenticated()")
Take a look at Built-in EL of Spring Security看一下Spring Security 的内置 EL
Enable annotation-based security to use preAuthorize 启用基于注释的安全性以使用 preAuthorize
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.