Jay*_*Jay 1 java spring spring-security angularjs spring-boot
在 Spring boot / spring security / Angular JS 应用程序中..
仅当用户具有指定角色时,我才尝试允许以下页面。
.antMatchers("/1_reportingEntities/*.html").hasAnyRole(roles)
但是即使没有为用户设置该角色,它也允许页面。我错过了什么?
Java代码
@Override
protected void configure(HttpSecurity http) throws Exception {
String roles [] = new String[] {"ROLE_EDITOR", "ROLE_AUTHORISER" };
http.httpBasic()
.and()
.authorizeRequests()
// Permit these resources
.antMatchers("/login", "/4_security/login.html", "/bower_components/**", "/0_common/*.html", "/1_reportingEntities/*.js",
"/2_dataCollections/*.js", "/3_calendar/*.js", "/4_security/*.js", "/")
.permitAll()
// All other requests needs authentication
.anyRequest().authenticated()
// Allow only if has certain roles
.antMatchers("/1_reportingEntities/*.html").hasAnyRole(roles)
.and()
// CSRF protection
.csrf().csrfTokenRepository(csrfTokenRepository()).and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
// Enable https
http.requiresChannel().anyRequest().requiresSecure();
}
| 归档时间: |
|
| 查看次数: |
3287 次 |
| 最近记录: |