我已经应用了以下代码,但它无法正常工作,任何人都可以给我一些解决方案。谢谢。
控制器方法:
@Controller
public class UserController {
@Secured("ROLE_USER")
@RequestMapping(value="user/{userName}", method=RequestMethod.GET)
public @ResponseBody User getAvailability(@PathVariable String userName, HttpServletResponse response) { }
}
applicationContext-security.xml相关配置:
<global-method-security secured-annotations="enabled" />
<http>
<intercept-url pattern="/user" requires-channel="https"/>
<http-basic/>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<user-service>
<user password="password" name="manager" authorities="ROLE_MANAGER"/>
<user password="password" name="user" authorities="ROLE_USER"/>
</user-service>
</authentication-provider>
</authentication-manager>
答案 0 :(得分:0)
您希望使用<intercept_url>标记来应用安全性。
例如:
<intercept-url pattern="/user" requires-channel="https" access="ROLE_USER"/>
答案 1 :(得分:0)
如果您想使用基于网址的访问控制,则需要添加/ **
<intercept-url pattern="/user/**" requires-channel="https"/>
如果您需要方法级安全性,则需要
<context:component-scan base-package="com.yourcompany.etc"/>
<security:global-method-security secured-annotations="enabled"/>
同样在您的web.xml中,您需要将spring security config作为参数添加到您的servlet
<servlet>
<servlet-name>myservlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>WEB-INF/applicationContext-security.xml</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>