Spring Security:基于令牌的身份验证和JSR 250

时间:2016-10-18 14:12:35

标签: spring authentication spring-security jsr250

@RestController
public class ApplicationController {

    @PermitAll
    @RequestMapping(value = "/", method = RequestMethod.GET)
    public String index() {
        return "Greetings from ContextConfig Boot!";
    }

    @RolesAllowed({"ADMIN"})
    @RequestMapping(value = "/secured", method = RequestMethod.GET)
    public String secured() {
        return "Secured :)";
    }
}

令牌在标题“X-AUTH-TOKEN”中发送。

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
    }
}

这种实际的弹簧安全配置。如何在用户在标题中发送令牌并配置角色“ADMIN”时配置弹簧安全性,他将被允许访问“安全”?

0 个答案:

没有答案