问题描述
我一直在寻找答案,但是找不到任何有成效的东西
I was looking for the answer for a long time but couldnt find anything productive
在我的休息服务中,我在/account/{id}/download下保留了一些功能,我想在SecurityConfig java文件中设置acces ROLE,只有ROLE_TOKENSAVED用户可以访问该URL
In my rest service I keep some functionality under: /account/{id}/download and I would like to set the acces ROLE in SecurityConfig java file, that only ROLE_TOKENSAVED users can access this url
{id}可变时,模式应如何显示?
How should the pattern look like, when {id} is changeable?
我尝试了一些正则表达式模式,但没有达到我想要的效果,这是我的一些尝试:
I tried some regexp patterns, but nothing worked as I wanted, here are some of my attempts:
1. antMatchers("account/**/download").access(somerolehere)
2. antMatchers("account/\\d/download").access(somerolehere)
3. antMatchers("account/[\\d]/download").access(somerolehere)
提前感谢您的回答:)
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/admin**").access("hasRole('ROLE_ADMIN')")
.antMatchers("/account*//**").access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')")
.antMatchers("/account/\\d+/download").access("hasRole('ROLE_TOKENSAVED')")
.antMatchers("/user**").permitAll()
//othercode...
}
推荐答案
这对我有用:
antMatchers("/account/{\\d+}/download").access("hasAnyAuthority('ROLE_TOKENSAVED')")
请注意代表ID的路径变量周围的花括号.
Notice the curly braces around the path variable representing the ID.
这篇关于具有可更改URL用户ID的antMatchers Spring Security模式的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!