[英]How can I secure Spring controller methods for user roles?
I have USER
, ROLE
and USER_ROLE
tables and a bunch Spring controllers ... is there an Spring annotation I can add to the controller methods that will specify the role(s) a user should have to be able to access it? 我有
USER
, ROLE
和USER_ROLE
表以及一堆Spring控制器...我可以在控制器方法中添加一个Spring标注,该标注将指定用户应该具有访问它的角色?
I guess it's going to be Spring security? 我想这将是Spring安全性? Is that straighforward to wire up to an existing user/role schema?
是否可以轻松连接到现有的用户/角色架构?
I'm using Spring 2.5.4. 我正在使用Spring 2.5.4。
Spring Security is going to be your easiest way to do it. Spring Security将是您最简单的方法。 What you're asking for specifically is Method Security Expressions .
您特别需要的是方法安全性表达式 。 You can achieve this by using the following:
您可以使用以下方法实现此目的:
@PreAuthorize("hasRole('ROLE_ADMIN')")
public void deleteUser(User user) {
...
}
It's pretty straightforward to set up Spring Security with a database backend. 使用数据库后端设置Spring Security非常简单。 I'd take a look at the DAOAuthenticationProvider as a starting point.
我将以DAOAuthenticationProvider为起点。
Spring Security annotations, as follows: Spring Security批注,如下所示:
@Secured({"ROLE_1", "ROLE_2"})
public String mySecuredHander() {
return "foo";
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.