如何保护用户角色的Spring控制器方法?
[英]How can I secure Spring controller methods for user roles?
问题描述
I have USER , ROLE and USER_ROLE tables and a bunch Spring controllers ... is there an Spring annotation I can add to the controller methods that will specify the role(s) a user should have to be able to access it? 
我有USER , ROLE和USER_ROLE表以及一堆Spring控制器...我可以在控制器方法中添加一个Spring标注,该标注将指定用户应该具有访问它的角色?
I guess it's going to be Spring security? 我想这将是Spring安全性? Is that straighforward to wire up to an existing user/role schema? 是否可以轻松连接到现有的用户/角色架构?
I'm using Spring 2.5.4. 我正在使用Spring 2.5.4。
2 个解决方案
解决方案1
4 已采纳 2011-07-28 15:30:21
Spring Security is going to be your easiest way to do it. Spring Security将是您最简单的方法。 What you're asking for specifically is Method Security Expressions . 您特别需要的是方法安全性表达式 。 You can achieve this by using the following: 您可以使用以下方法实现此目的:
@PreAuthorize("hasRole('ROLE_ADMIN')")
public void deleteUser(User user) {
...
}
It's pretty straightforward to set up Spring Security with a database backend. 使用数据库后端设置Spring Security非常简单。 I'd take a look at the DAOAuthenticationProvider as a starting point. 我将以DAOAuthenticationProvider为起点。
解决方案2
0 2011-07-28 16:13:36
Spring Security annotations, as follows: Spring Security批注,如下所示:
@Secured({"ROLE_1", "ROLE_2"})
public String mySecuredHander() {
return "foo";
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.