@Override protected void configure(HttpSecurity http) throws Exception { //如果配置为需要登录 if (needLogin) { http .authorizeRequests() .antMatchers("/keepalived", "/revision","/static/**").permitAll() .antMatchers("/manager/**").hasRole("ADMIN") .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .defaultSuccessUrl("/index",true) .permitAll() .and() .logout().permitAll();
} }
配置如上所示。但是需要注意,检查的是ADMIN角色,库里存的字段要是ROLE_ADMIN,而不是ADMIN。
The HttpServletRequest.isUserInRole(String) will determine if
SecurityContextHolder.getContext().getAuthentication().getAuthorities()contains aGrantedAuthoritywith the role passed intoisUserInRole(String). Typically users should not pass in the "ROLE_" prefix into this method since it is added automatically. For example, if you want to determine if the current user has the authority "ROLE_ADMIN", you could use the following:boolean isAdmin = httpServletRequest.isUserInRole("ADMIN");This might be useful to determine if certain UI components should be displayed. For example, you might display admin links only if the current user is an admin.
5995
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
