本文详细介绍了如何在Spring WebFlow中利用<secured>元素来确保状态、转换和整个流程的安全性。通过配置<secured>元素,可以限制只有具有特定权限的用户才能访问特定的状态、执行特定的转换或执行整个流程。
States, transitions, and entire flows can be secured in Spring Web Flow by using the <secured> element as a child of those elements. For example, to secure access to a view state, you might use <secured> like this:
1 <view-state id="restricted"> 2 <secured attributes="ROLE_ADMIN" match="all"/> 3 </view-state>
As configured here, access to the view state will be restricted to only users who are granted ROLE_ADMIN access (per the attributes attribute). The attributes attribute takes a comma-separated list of authorities that the user must have to gain access to the state, transition, or flow. The match attribute can be set to either any or all . If it’s set to any , then the user must be granted at least one of the authorities listed in attributes . If it’s set to all , then the user must have been granted all the authorities.You may be wondering how a user is granted the authorities checked for by the <secured> element.
扫一扫
7815
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
