im using spring security and my config is
@Override
protected void configure(HttpSecurity http) throws Exception {
http.
authorizeRequests()
.antMatchers("/**").permitAll()
.antMatchers("/admin/**").hasAuthority("ADMIN").anyRequest().authenticated()
.and().csrf().disable().formLogin().loginPage("/adminlogin").failureUrl("/adminlogin?error=true")
.defaultSuccessUrl("/admin/dashboard")
.usernameParameter("email")
.passwordParameter("password")
.and().logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/adminlogin?logout=true").and().exceptionHandling()
.accessDeniedPage("/accessdenied");
}
now what i am trying to achieve that all links are accessible without any security but link start with /admin/** only allow to user with role "admin".
but rite now it allow /admin/** to everyone.
any suggestions.
i have tried many solutions from stackoverflow ie How to fix role in Spring Security? but no luck. the behavior remains same,it allows even /admin/ urls to use publicly.
Why not try role?
@Configuration
@EnableWebSecurity
public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/admin/**").hasRole("ADMIN");
}
}
ref : http://www.baeldung.com/spring-security-expressions-basic
http
.csrf().disable()
.httpBasic().and()
.authorizeRequests()
.antMatchers("/admin/**").hasAuthority("ADMIN")
.antMatchers("/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/adminLogin").failureUrl("/adminLogin?error=true")
.defaultSuccessUrl("/admin/dashboard")
.usernameParameter("email")
.passwordParameter("password")
.and().logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/adminLogin?logout=true").and().exceptionHandling()
.accessDeniedPage("/accessdenied");
works perfectly for me.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.