Several issues to watch out for when configuring intercept-url in Spring Security
Source: Internet  Editor: 程序博客网  Time: 2024/05/16 12:43
Spring Security regular expressions
By default, after you’ve added Spring Security to your Roo app with ‘security setup’, you get an example config in an applicationContext-security.xml file like this:
<http auto-config="true" use-expressions="true">
    <form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t"/>
    <logout logout-url="/resources/j_spring_security_logout"/>
    <!-- Configure these elements to secure URIs in your application -->
    <intercept-url pattern="/choices/**" access="hasRole('ROLE_ADMIN')"/>
    <intercept-url pattern="/member/**" access="isAuthenticated()" />
    <intercept-url pattern="/resources/**" access="permitAll" />
    <intercept-url pattern="/**" access="permitAll" />
</http>
The default pattern matching approach is to use Ant style path matching. If you need to be more specific for what URLs you need to define security against, then you can change to use regex style pattern matching by adding this attribute to the <http> element:
<http ... path-type="regex" ... >
Now, let’s say you need to have different roles for creating versus listing member records. Spring Roo uses a couple of GET parameters to distinguish between these actions, so using regex you can match on these like this:
<!-- "?" is a regex quantifier, so it is escaped here to match the literal query-string separator -->
<intercept-url pattern="/member\?form" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/member\?page.*" access="hasRole('ROLE_USER')" />
Spring Security ordering
<!-- Class name uses the Spring Security 3.x package, matching the 3.x securityMetadataSource property -->
<bean id="filterInvocationInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="accessDecisionManager" ref="accessDecisionManager"/>
    <property name="runAsManager" ref="runAsManager"/>
    <property name="securityMetadataSource">
        <security:filter-security-metadata-source path-type="regex">
            <!-- The more specific pattern comes first -->
            <security:intercept-url pattern="\A/secure/super/.*\Z" access="ROLE_WE_DONT_HAVE"/>
            <security:intercept-url pattern="\A/secure/.*\Z" access="ROLE_SUPERVISOR,ROLE_TELLER"/>
        </security:filter-security-metadata-source>
    </property>
</bean>
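Patterns are always evaluated in the order in which they are defined. It is therefore important to define more specific patterns higher in the list than less specific ones. This is reflected in the example above, where the more specific /secure/super/ pattern is placed above the less specific /secure/ pattern. If they were reversed, the /secure/ pattern would always match and the /secure/super/ pattern would never be evaluated.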
Multiple parameters
<intercept-url pattern="/player/\?movie=warring-state.*" access="permitAll" />
This can match /video/edit?t=testtitle1&v=12 or /video/edit?t=testtitle1
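The ordering rule and the "?" escaping described above, as an added example in Java that is not part of the original post or of Spring Security's own code. It models regex rule evaluation under the assumption that the first rule whose pattern matches the whole URL (path plus query string) decides access; the class name, helper methods, the /.* catch-all and the sample URL are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

// Simplified model of regex intercept-url evaluation (assumption: the whole
// URL including the query string must match, and the first matching rule wins).
public class InterceptUrlOrderDemo {

    // Returns the access attribute of the first rule whose regex matches the whole URL.
    static String resolve(Map<String, String> rules, String url) {
        for (Map.Entry<String, String> rule : rules.entrySet()) {
            if (Pattern.matches(rule.getKey(), url)) {
                return rule.getValue();
            }
        }
        return "(no rule matched)";
    }

    // Builds an ordered rule list from pattern/access pairs.
    static Map<String, String> rules(String... pairs) {
        Map<String, String> m = new LinkedHashMap<>();
        for (int i = 0; i < pairs.length; i += 2) {
            m.put(pairs[i], pairs[i + 1]);
        }
        return m;
    }

    public static void main(String[] args) {
        Map<String, String> specificFirst = rules(
            "\\A/secure/super/.*\\Z", "ROLE_WE_DONT_HAVE",
            "\\A/secure/.*\\Z", "ROLE_SUPERVISOR,ROLE_TELLER");
        Map<String, String> reversed = rules(
            "\\A/secure/.*\\Z", "ROLE_SUPERVISOR,ROLE_TELLER",
            "\\A/secure/super/.*\\Z", "ROLE_WE_DONT_HAVE");
        // Constructed catch-all "/.*" stands in for the page's "/**" permitAll rule.
        Map<String, String> unescaped = rules(
            "/member?form", "hasRole('ROLE_ADMIN')", "/.*", "permitAll");
        Map<String, String> escaped = rules(
            "/member\\?form", "hasRole('ROLE_ADMIN')", "/.*", "permitAll");

        String url = "/secure/super/report"; // constructed sample URL
        System.out.println("specific first: " + resolve(specificFirst, url));
        System.out.println("reversed:       " + resolve(reversed, url));
        // "r?" means "optional r", so the unescaped rule never applies to the real URL
        System.out.println("unescaped '?':  " + resolve(unescaped, "/member?form"));
        System.out.println("escaped '\\?':   " + resolve(escaped, "/member?form"));
    }
}
```

Running the same resolve() over your own rule list and a set of representative URLs is a quick way to review which rule actually decides each request before deploying a configuration change.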