Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/spring/12.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java 从数据库或属性获取Spring安全拦截URL_Java_Spring_Grails_Spring Mvc_Spring Security - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java 从数据库或属性获取Spring安全拦截URL

Java 从数据库或属性获取Spring安全拦截URL

java spring grails spring-mvc spring-security

Java 从数据库或属性获取Spring安全拦截URL,java,spring,grails,spring-mvc,spring-security,Java,Spring,Grails,Spring Mvc,Spring Security,希望这是非常简单的,存在的,我忽略了我鼻子底下的东西。我知道我可以通过注释限制访问: @Secured({"ROLE_ADMIN"}) 或通过配置: <security:intercept-url pattern="/**" access="ROLE_USER, ROLE_ADMIN, ROLE_SUPER_USER" /> 等等 请告诉我这个存在,否则我的大脑会爆炸!!!GrailsSpring安全插件附带了这个开箱即用的插件,所以我知道它必须存在。请不要让我的大脑爆炸 编辑:

希望这是非常简单的,存在的,我忽略了我鼻子底下的东西。我知道我可以通过注释限制访问:

@Secured({"ROLE_ADMIN"})
或通过配置:

<security:intercept-url pattern="/**" access="ROLE_USER, ROLE_ADMIN, ROLE_SUPER_USER" />
等等

请告诉我这个存在,否则我的大脑会爆炸!!!GrailsSpring安全插件附带了这个开箱即用的插件,所以我知道它必须存在。请不要让我的大脑爆炸

编辑:

我想出来了

您必须提供一个自定义的
org.springframework.security.intercept.web.FilterSecurityInterceptor
,并提供
objectDefinitionSource

<bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
    <security:custom-filter before="FILTER_SECURITY_INTERCEPTOR" />
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="accessDecisionManager" ref="accessDecisionManager" />
    <property name="objectDefinitionSource">
        <value>
            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
            PATTERN_TYPE_APACHE_ANT
            /**login.html=IS_AUTHENTICATED_ANONYMOUSLY
            /user/**=ROLE_ADMIN
        </value>
    </property>
</bean>
递给它一把刀等

<bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
    <security:custom-filter before="FILTER_SECURITY_INTERCEPTOR" />
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="accessDecisionManager" ref="accessDecisionManager" />
    <property name="objectDefinitionSource" ref="requestMappings" />
</bean>

<bean id="requestMappings" class="RequestMappingFactoryBean" />
已经有一段时间了,但您可以创建一个选民对象,帮助决定是否允许访问URL。投票者对象可以从数据库或文件加载数据,或者只是随机返回允许、拒绝或弃权。

您想在spring xml中使用类似的内容吗

<!-- Settings -->
<b:bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <b:property name="locations">
        <b:value>/WEB-INF/config.properties</b:value>
    </b:property>
</b:bean>


/WEB-INF/config.properties
然后在Spring XML中添加als:

<http entry-point-ref="authenticationProcessingFilterEntryPoint">
        <intercept-url pattern='/custom/**' access="${roles.admin}"/>
</http>
小范围的跟进…您的回答部分正确。与自定义对象定义源结合使用时,必须添加一个身份验证投票者:
请参阅 
<bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
    <security:custom-filter before="FILTER_SECURITY_INTERCEPTOR" />
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="accessDecisionManager" ref="accessDecisionManager" />
    <property name="objectDefinitionSource" ref="requestMappings" />
</bean>

<bean id="requestMappings" class="RequestMappingFactoryBean" />

<!-- Settings -->
<b:bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <b:property name="locations">
        <b:value>/WEB-INF/config.properties</b:value>
    </b:property>
</b:bean>

<http entry-point-ref="authenticationProcessingFilterEntryPoint">
        <intercept-url pattern='/custom/**' access="${roles.admin}"/>
</http>