[英]How to add custom filter to HttpSecurity and retrieve the user? (Spring Security)
[英]How to add matchers to HttpSecurity spring web secure
我嘗試實現 spring 安全性,但是我有很多角色和權限,然后我想將角色動態添加到彼此的資源中。 喜歡它:
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
//PageRequest p = new PageRequest(0, 1000);
List<RolePrivilegeConfig> rolePrivilegesConfig=rolePrivilegeConfigService.findAll();
for (RolePrivilegeConfig rolePrivilegeConfig : rolePrivilegesConfig) {
http.authorizeRequests()
.antMatchers("/login").permitAll()
.antMatchers(rolePrivilegeConfig.getResource())
.access(rolePrivilegeConfig.getRoleName())
.anyRequest().authenticated();
} }
我有這個錯誤:
無法實例化 [javax.servlet.Filter]:工廠方法“springSecurityFilterChain”拋出異常; 嵌套異常是 java.lang.IllegalStateException: Can't configure antMatchers after anyRequest。
我怎樣才能把所有的匹配器和調用請求放在之后?
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
//PageRequest p = new PageRequest(0, 1000);
List<RolePrivilegeConfig> rolePrivilegesConfig=rolePrivilegeConfigService.findAll();
http.authorizeRequests()
.antMatchers("/login").permitAll();
for (RolePrivilegeConfig rolePrivilegeConfig : rolePrivilegesConfig) {
http.authorizeRequests()
.antMatchers(rolePrivilegeConfig.getResource())
.access(rolePrivilegeConfig.getRoleName());
}
http.authorizeRequests()
.anyRequest().authenticated();
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.