[英]How to restrict POST Rest Api for public access after successful login in Spring-boot
I am a new in JAVA/Springboot, I want to restrict POST rest api to access publicly.我是 JAVA/Springboot 新手,我想限制 POST rest api 公开访问。
Once user login successfully, the API is currently accessible publicly and able to add update data.用户登录成功后,该 API 当前可公开访问并能够添加更新数据。 I want to restrict it and only accessible privately.My aim is to restrict unauthorised user to add or update data publicly and it should be privatly accessible.
我想限制它并且只能私下访问。我的目标是限制未经授权的用户公开添加或更新数据,并且应该可以私下访问。
Thank You...谢谢你...
You can make use of preAuthorize您可以使用 preAuthorize
@PreAuthorize("hasAnyRole('MY_ROLE_TO_CHECK')")
preAuthorize also allow you expressions with Spring EL. preAuthorize 还允许您使用 Spring EL 进行表达式。
if you just want to check, if the user is logged in, then it could be如果您只想检查用户是否已登录,则可能是
@PreAuthorize("isAuthenticated()")
Take a look at Built-in EL of Spring Security看一下Spring Security 的内置 EL
Enable annotation-based security to use preAuthorize 启用基于注释的安全性以使用 preAuthorize
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.