这是我的spring-security.xml文件。我不明白如何定义访问属性。有" ROLE_USER"和" ROLE_ANONYMOUS"作为默认值,但我如何定义自定义访问属性?例如" admin"值从数据库返回,如何更改此访问权限以设置管理员。
<intercept-url pattern="/**" access="admin" />
上面的代码给出错误。
<http auto-config="true">
<intercept-url pattern="/pages/login.xhtml*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/**" access="" />
<form-login login-page='/pages/login.xhtml' default-target-url="/**"
authentication-failure-url="/pages/login.xhtml"/>
<logout logout-success-url="/pages/logout.xhtml" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="
select username,password
from app_user where username=?"
authorities-by-username-query="
select u.username, ur.role from app_user u, role ur
where u.role = ur.uuid and u.username =? "
/>
</authentication-provider>
</authentication-manager>
答案 0 :(得分:0)
我认为您需要进行一些更改,如下所示
<http auto-config="true" use-expressions="true"> <intercept-url pattern="/pages/login.xhtml*" access="permitAll"/> <intercept-url pattern="/**" access="hasRole('admin')" /> 目前我正在使用Spring MVC 3.2和Spring Security 3.1