![](/img/trans.png)
[英]How to defined ROLE_USER,ROLE_ADMIN IN together for one spefic url in spring xml using spring security?
[英]Spring security - how come I can only access pages as ROLE_ADMIN and not ROLE_USER?
在我的應用程序中,我具有一個SecurityConfiguration
類,該類具有以下方法:
protected void configure(HttpSecurity http) throws Exception {
CharacterEncodingFilter filter = new CharacterEncodingFilter();
http.addFilterBefore(filter,CsrfFilter.class);
http
.formLogin()
.loginPage("/login")
.usernameParameter("ssoId")
.passwordParameter("password")
.and()
.authorizeRequests()
// I admit that this section needs some work
.antMatchers("/", "/home/**", "/alert/*", "/scheduler/*", "/agent/*", "/ftp/*", "/smtp/*", "/sql/*").access("hasRole('USER')")
.antMatchers("/benefit/transport/*", "/contract/*").access("hasRole('ADMIN')")
.antMatchers("/", "/home/*", "/alert/*", "/scheduler/*", "/agent/*", "/ftp/*", "/smtp/*", "/sql/*").access("hasRole('ADMIN')")
.antMatchers("/benefit/transport/*", "/contract/*").access("hasRole('ADMIN')")
.antMatchers("/admin/**").access("hasRole('ADMIN')")
.antMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')")
.and()
.rememberMe().rememberMeParameter("remember-me").tokenRepository(persistentTokenRepository()).tokenValiditySeconds(86400)
.and()
.csrf()
.and()
.exceptionHandling().accessDeniedPage("/accessDenied");
}
但是正如問題所指出的,我我的用戶具有ROLE_ADMIN特權,在整個應用程序中訪問都是正常的。 但是,如果他只有ROLE_USER,則不會顯示任何頁面。
我在這里沒看到什么?
您要如何達到這些目標?
.antMatchers("/", "/home/**", "/alert/*", "/scheduler/*", "/agent/*", "/ftp/*", "/smtp/*", "/sql/*").access("hasRole('USER')")
.antMatchers("/", "/home/*", "/alert/*", "/scheduler/*", "/agent/*", "/ftp/*", "/smtp/*", "/sql/*").access("hasRole('ADMIN')")
在我看來,您正在此處覆蓋您的配置。因此,ADMIN角色將在此處覆蓋USER角色。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.