Spring security intercept-url pass pattern parameter to access method
Question
In spring security, we can limit access to certaiin web resources using this construct: <intercept-url pattern="/admin.xhtml" access="hasPermission('admin')" />
Now, I have a lot of pages, to access each, one should have special permission with same name as the page name. intercept-url accepts pattern but doesn't seem to provide parameter passing from regex matched groups in pattern to access . I want something like this:
<intercept-url pattern="/([a-z]+).xhtml" access="hasPermission('$1')" />
1 answers
solution1
2 ACCPTED 2013-01-30 12:52:18
Unfortunately you can't use matched regex groups in your access rule. As a workaround you can try to define a custom web security expression. It will be responsible for extracting of some matched regex group:
<intercept-url pattern="/([a-z]+).xhtml" access="hasPermission(extractGroup('$1', '/([a-z]+).xhtml'))" />
During execution extractGroup(...) method will be able to use current HttpRequest. This solution will have two disadvatages:1) it's not so simple to do 2) regex pattern will be duplicated in your conf. If it's OK for you then you can read how to add a custom web security expression here .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.