Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Spring Safety Filter Chains

0
0

When using Spring Security you map a chain of filters to URL patters to specify how those URLs are secured. These patterns can contain wildcards such as

/foo/*/bar /foo/**/bar

I couldn't find any docs for these wildcards, but my guess is that the first pattern would match

/foo/baz/bar

but not

/foo/baz/baz/bar

whereas the second pattern ( /foo/**/bar ) would match both of these

maybe this code will help:

<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xmlns:p="http://www.springframework.org/schema/p" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <security:http auto-config="true"> <security:intercept-url pattern="/login.do" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <security:intercept-url pattern="/logout.do" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <security:intercept-url pattern="/fail2login.do" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <security:intercept-url pattern="/json/*.do" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <security:intercept-url pattern="/*" access="ROLE_ADMIN" /> <security:form-login login-page="/login.do" default-target-url="/home.do" authentication-failure-url="/fail2login.do" /> <security:session-management> <security:concurrency-control max-sessions="1" /> </security:session-management> <security:logout logout-success-url="/logout.do" delete-cookies="JSESSIONID" invalidate-session="true" /> </security:http> <security:authentication-manager> <security:authentication-provider> <security:jdbc-user-service data-source-ref="dataSource" users-by-username-query="select userName, password, status from User where userName=?" authorities-by-username-query="select us.userName, ur.userRoleName from User us, UserRole ur where ur.userName =? " /> </security:authentication-provider> </security:authentication-manager> </beans>


Viewing all articles
Browse latest Browse all 12749