spring security url模式不适用于子路径

时间:2017-09-17 15:16:34

标签: spring-security

我希望春天安全拦截

/admin
/admin/
/admin/products

我正在使用

<intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />

但只拦截了第一个网址/admin,并将其重定向到登录页面。

这是我的配置xml:

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.2.xsd">

<http auto-config="true">

    <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />

    <form-login login-page="/login" default-target-url="/admin"
        authentication-failure-url="/login" username-parameter="username"
        password-parameter="password" />
    <logout logout-success-url="/login" />
    <!-- enable csrf protection -->
    <csrf />
</http>

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="auser" password="123" authorities="ROLE_ADMIN" />
        </user-service>
    </authentication-provider>
</authentication-manager>

</beans:beans>

0 个答案:

没有答案
相关问题
最新问题