Java 如何使用intercept-url模式和访问?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/20913936/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to use intercept-url pattern and access?
提问by Pracede
I am using Spring security but i don't understand very well how intercept-url works. Here is my spring security config file :
我正在使用 Spring 安全性,但我不太了解拦截 url 的工作原理。这是我的 spring 安全配置文件:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/jdbc
http://www.springframework.org/schema/jdbc/spring-jdbc-3.2.xsd">
<!-- configuration des urls -->
<security:http auto-config="true">
<security:intercept-url pattern="/*" access="ROLE_USER" />
<security:form-login/>
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="authenticationProvider" />
</security:authentication-manager>
<bean id="authenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService" />
</bean>
<bean id="userDetailsService"
class="com.nexthome.app.security.UserDetailsServiceImpl" />
</beans>
With this configuration, i cannot access without being authenticated. So when accessing the url http://localhost:8080/nexthomedisplays a spring login form (http://localhost:8080/nexthome/spring_security_login).
But when i change the to . I am able to access to http://localhost:8080/nexthome/user/loginwithout login.
使用此配置,我无法在未经身份验证的情况下访问。所以在访问 url 时http://localhost:8080/nexthome会显示一个 spring 登录表单 ( http://localhost:8080/nexthome/spring_security_login)。但是当我改变为 . 我http://localhost:8080/nexthome/user/login无需登录即可访问。
My aim is to protected some url :
我的目标是保护一些网址:
http://localhost:8080/nexthome all people must access
http://localhost:8080/nexthome/login all people must access ( how to display spring login form when trying to access the url?)
http://localhost:8080/nexthome/logout access to ROLE_USER and ROLE_ADMIN
Thanks for your help
谢谢你的帮助
采纳答案by Pracede
I've found the answer to my question :
我找到了我的问题的答案:
<security:http auto-config="true">
<security:intercept-url pattern="/register"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/login*"
access="ROLE_USER" />
<security:intercept-url pattern="/logout*"
access="ROLE_USER,ROLE_ADMIN" />
<security:form-login/>
</security:http>
Now the url http:localhost:8080/nexthomeis free access http:localhost:8080/nexthome/regsiteris free access http:localhost:8080/nexthome/loginprompt the Spring Security login form before accessing the ressource http:localhost:8080/nexthome/logoutprompt the Spring Security login form before accessing the ressource
现在urlhttp:localhost:8080/nexthome是free access http:localhost:8080/nexthome/regsiteris free accesshttp:localhost:8080/nexthome/login提示Spring Security登录表单访问ressource之前http:localhost:8080/nexthome/logout提示Spring Security登录表单访问ressource
回答by Kevin Bowersox
The pattern attribute on the security:intercept-urltag uses Ant paths. Under this syntax .has no meaning except for a literal .. So the pattern is most likely not recognized by Spring security and ignored.
security:intercept-url标记上的模式属性使用Ant 路径。在这种语法下,.除了文字之外没有任何意义.。因此该模式很可能不被 Spring 安全识别并被忽略。
If you want to require authentication for the /nexthome/logouturl but not /nexthome/loginand /nexthomeyou can use the following configuration:
如果你想需要验证/nexthome/logout网址,但不是/nexthome/login和/nexthome你可以使用以下配置:
<security:http auto-config="true">
<intercept-url pattern="/nexthome" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/nexthome/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/nexthome/logout" access="ROLE_USER,ROLE_ADMIN" />
<security:form-login/>
</security:http>
回答by Varun Sharma
In form-login use login-page like this
在表单登录中使用这样的登录页面
<securityform-login login-page="/login" >
If no login URL is specified, Spring Security will automatically create a login URL at / spring_security_login.
如果没有指定登录 URL,Spring Security 会自动在 /spring_security_login 创建一个登录 URL。
For logout purpose use
用于注销目的使用
<intercept-url pattern="/nexthome/logout" access="ROLE_USER,ROLE_ADMIN" />
