spring引导蚂蚁匹配器参数
我想对以下每个URL授予权限:spring引导蚂蚁匹配器参数,spring,spring-boot,spring-security,web-development-server,Spring,Spring Boot,Spring Security,Web Development Server,我想对以下每个URL授予权限: .antMatchers("/myPage?param1=tata*").hasRole("tata") .antMatchers("/myPage?param1=toto*").hasRole("toto") 我有两个URL: http://localhost:3000/myPage?param1=tata¶m2=0001 http://localhost:3000/myPage?param1=toto¶m2=0001 如果U
.antMatchers("/myPage?param1=tata*").hasRole("tata")
.antMatchers("/myPage?param1=toto*").hasRole("toto")
我有两个URL:
http://localhost:3000/myPage?param1=tata¶m2=0001
http://localhost:3000/myPage?param1=toto¶m2=0001
如果URL是键入的,并且有“
tata
”作为参数,我只想通过角色“tata
”访问,而“toto
”也是如此,那么您可以使用RegexRequestMatcher
而不是AntPathRequestMatcher
http
.authorizeRequests()
.regexMatchers("\/myPage\?param1=tata(&.*|$)"). hasRole('tata')
.regexMatchers("\/myPage\?param1=toto(&.*|$)"). hasRole('toto')
AntPathRequestMatcher
不匹配参数,正如您可以从
RegexRequestMatcher
将获取请求路径和
问题在于,我不知道我是否只放了一个或两个或其他什么?
private String getRequestPath(HttpServletRequest request) {
if (this.urlPathHelper != null) {
return this.urlPathHelper.getPathWithinApplication(request);
}
String url = request.getServletPath();
String pathInfo = request.getPathInfo();
if (pathInfo != null) {
url = StringUtils.hasLength(url) ? url + pathInfo : pathInfo;
}
return url;
}
public boolean matches(HttpServletRequest request) {
if (httpMethod != null && request.getMethod() != null
&& httpMethod != valueOf(request.getMethod())) {
return false;
}
String url = request.getServletPath();
String pathInfo = request.getPathInfo();
String query = request.getQueryString();
if (pathInfo != null || query != null) {
StringBuilder sb = new StringBuilder(url);
if (pathInfo != null) {
sb.append(pathInfo);
}
if (query != null) {
sb.append('?').append(query);
}
url = sb.toString();
}
if (logger.isDebugEnabled()) {
logger.debug("Checking match of request : '" + url + "'; against '" + pattern
+ "'");
}
return pattern.matcher(url).matches();
}