Java 限制spring security中特定角色的特定url访问
我想限制特定角色的URLJava 限制spring security中特定角色的特定url访问,java,spring,spring-security,Java,Spring,Spring Security,我想限制特定角色的URL <security:http entry-point-ref="casEntryPoint" use-expressions="true"> <security:intercept-url pattern="/**" access="hasAnyRole(All roles)" /> <security:intercept-url pattern="/unauthorized" access="hasRole('ROLE_
<security:http entry-point-ref="casEntryPoint" use-expressions="true">
<security:intercept-url pattern="/**" access="hasAnyRole(All roles)" />
<security:intercept-url pattern="/unauthorized" access="hasRole('ROLE_UNAUTHORIZED')" />
<security:intercept-url pattern="/unauthorized" access="!hasAuthority('ROLE_SUPER_ADMIN')" />
</security:http>
我试过了,但没有成功
参考图片,我以管理员身份登录,仍然可以从Url栏访问/未经授权
示例代码
<security:intercept-url pattern="/unauthorized" access="!hasAuthority('ROLE_SUPER_ADMIN')" />
<security:http auto-config='true' use-expressions="true">
<security:intercept-url pattern="/unauthorized" access="hasAnyRole('ROLE_UNAUTHORIZED')" />
<!-- permitAll is last in order. -->
<security:intercept-url pattern="/**" access="permitAll" />
</security:http>