SPRING IN ACTION, 4th Edition notes - Chapter 9, Securing web applications - 010 - Intercepting requests
2016-03-08 11:39
1.
What if you wanted to restrict access to certain roles only on Tuesday?
Using the access() method, you can also use SpEL as a means for declaring access requirements. For example, here’s how you could use a SpEL expression to require ROLE_SPITTER access for the /spitter/me URL pattern:
.antMatchers("/spitter/me").access("hasRole('ROLE_SPITTER')")
This security constraint placed on /spitter/me is equivalent to the one we started with, except that now it uses SpEL to express the security rules. The hasRole() expression evaluates to true if the current user has been granted the given authority.
With Spring Security’s SpEL expressions at your disposal, you can do more than just limit access based on a user’s granted authorities. For example, if you wanted to lock down the /spitter/me URLs to not only require ROLE_SPITTER, but to also only be allowed from a given IP address, you might call the access() method like this:
.antMatchers("/spitter/me")
    .access("hasRole('ROLE_SPITTER') and hasIpAddress('192.168.1.2')")
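The two access() calls above placed in a complete configuration class, together with one way to answer the "only on Tuesday" question in SpEL. This is an added example, not code from the book or the original notes. It assumes the Java configuration style the snippets use (WebSecurityConfigurerAdapter) and Java 8 for java.time; the class name and the /spitter/reports path are hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Added example. The class name and /spitter/reports are constructed for
// illustration; /spitter/me, ROLE_SPITTER and 192.168.1.2 come from the text.
@Configuration
@EnableWebSecurity
public class SpelAccessSecurityConfig extends WebSecurityConfigurerAdapter {

    // Role check combined with a day-of-week check. T(...) is SpEL's type
    // reference; the day is taken from the server's clock and default time
    // zone, so the rule is only as precise as that clock.
    private static final String SPITTER_ON_TUESDAY =
        "hasRole('ROLE_SPITTER') and "
      + "T(java.time.LocalDate).now().getDayOfWeek() == T(java.time.DayOfWeek).TUESDAY";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Rules are evaluated in declaration order; the first
                // matching pattern decides, so specific paths go first.
                .antMatchers("/spitter/me")
                    // Both conditions must hold: granted authority AND
                    // the request's remote address.
                    .access("hasRole('ROLE_SPITTER') and hasIpAddress('192.168.1.2')")
                .antMatchers("/spitter/reports/**")
                    .access(SPITTER_ON_TUESDAY)
                .anyRequest().permitAll()
            .and()
            .formLogin();
    }
}
```

hasIpAddress() compares against the remote address the servlet container reports for the request, so behind a reverse proxy or load balancer it sees the proxy's address unless the container is configured to restore the original client address. It also accepts CIDR notation such as '192.168.1.0/24' when a whole subnet should be allowed.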