@RestController
public class ApplicationController {
@PermitAll
@RequestMapping(value = "/", method = RequestMethod.GET)
public String index() {
return "Greetings from ContextConfig Boot!";
}
@RolesAllowed({"ADMIN"})
@RequestMapping(value = "/secured", method = RequestMethod.GET)
public String secured() {
return "Secured :)";
}
}
令牌在标题“X-AUTH-TOKEN”中发送。
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
}
}
这种实际的弹簧安全配置。如何在用户在标题中发送令牌并配置角色“ADMIN”时配置弹簧安全性,他将被允许访问“安全”?