本文介绍如何使用SpringSecurity 4.2.1版本进行权限配置,包括对URL拦截及用户认证的具体实现方式。通过对比两种不同的配置方法,展示了如何正确设置访问权限。
解决方法,我用的spirngsecurity jar包的版本是4.2.1,我原来springsecurity.xml里面的配置文件是这样写的:
<security:http auto-config="true">
<security:intercept-url pattern="/**" access="ROLE_USER"/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="user" password="user"
authorities="ROLE_USER"/>
<security:user name="root" password="root"
authorities="ROLE_USER,ROLE_ADMIN"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
后来我改为下面这样就OK了,代码如下:
<security:http auto-config="true">
<security:intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="user" password="user"
authorities="ROLE_USER"/>
<security:user name="root" password="root"
authorities="ROLE_USER,ROLE_ADMIN"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
