我在我的应用程序中为基于角色的内容加载添加了带有taglib的spring安全性。身份验证过程将由外部服务处理,并且在成功验证后,外部服务将在请求标头中添加用户详细信息和角色详细信息。在我的应用程序中,我必须从请求标头获取角色,并且需要使用spring security configure方法验证角色。
帮助我了解如何验证角色。
Spring security Class:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/login").permitAll()
.antMatchers("/console")
.access("hasRole('MASTER ADMIN') or hasRole('ADMIN') or hasRole('DEV') or hasRole('QA')")
.and()
.formLogin()
.defaultSuccessUrl("/console", true)
.and().logout().logoutSuccessUrl("/login");
}
}
控制器类:
@RequestMapping(value = "/login")
public ModelAndView validateLogin(final HttpServletRequest request, final HttpServletResponse response) {
final ModelAndView modelView = new ModelAndView();
final String loginUserId = request.getParameter("USER");
final String companyCode = request.getHeader("ROLE");
final String firstName = request.getHeader("FIRSTNAME");
final String lastName = request.getHeader("LASTNAME");
//** some code to validate the role details with spring security configure method ie (has access method) and return the default success url based on the role.