我正在开发一个 Spring Boot 应用程序并为用户编写一个 API 以便能够阅读消息。URL之一是:
/users/USER1/messages
现在,我显然希望只有经过身份验证的用户才能访问此 get 请求的内容。但是所有经过身份验证的用户是不够的。我还希望只有拥有用户名的用户 - USER1 才能在这里查看真实内容,其余的应该收到 403 状态。我想出了如何在没有 spring 安全配置的情况下执行此操作(在我的服务中,我正在检查登录的用户名并将其与 URL 中的参数进行比较,仅当它们相等时才继续),但我认为应该有一种更简单的方法只使用 SecurityConfiguration?我当前的配置如下所示:
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers(HttpMethod.GET, "/users/**").authenticated()
.antMatchers("/h2-console/*").permitAll()
.anyRequest().authenticated()
.and()
.formLogin();
http.csrf().disable();
http.headers().frameOptions().disable();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("superman").password("superman").roles("USER")
.and()
.withUser("admin").password("admin").roles("ADMIN");
}
}
编辑:以下回答建议方法安全表达式我已经使用了它,但它似乎仍然不起作用(如果我被认证为 USER2,我仍然可以读取 USER1 的消息)。这是我添加了 PreAuthorize 注释的控制器
@RequestMapping(method = RequestMethod.GET, value = "/messages", produces = {"application/json"})
@ResponseBody
@PreAuthorize("#userHandle == authentication.name")
public …我有一个问题从csv解析日期,我找不到问题(人们会认为)简单日期 - 日/月/日.这是我的csv文件的结构:
Date,Key-values,Line Item,Creative,Ad unit,Creative size,Ad server impressions,Ad server clicks,Ad server CTR
04/04/16,prid=DUBAP,Hilton_PostAuth 1,Stop Clicking Around - 300x250,383UKHilton_300x250,300 x 250,31,0,0.00%
04/04/16,prid=DUBAP,Hilton_PostAuth 2,16-0006_Auction_Banners_300x250_cat4,383UKHilton_300x250,300 x 250,59,0,0.00%
和我的logstash.config文件:
input {
file {
path => "/Users/User/*.csv"
type => "core2"
start_position => "beginning"
}
}
filter {
csv {
columns => ["Date","Key-values","Line Item","Creative","Ad unit","Creative size","Ad server impressions","Ad server clicks","Ad server CTR"]
separator => ","
}
date {
match => ["Date", "dd/MM/YY"]
}
mutate {convert => ["Ad server impressions", "float"]}
mutate {convert => ["Ad server …