Spring 安全 and() 函数
Spring security and() function
你能简单解释一下为什么我们需要在 HttpSecurity 中使用 and() 方法吗
代码:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/").hasAnyRole("Employee", "Manager", "HR")
.antMatchers("/hr_info").hasRole("HR")
.antMatchers("/manager_info/**").hasRole("Manager")
.and().formLogin().permitAll();
}
spring安全reference解释如下
The Java Configuration equivalent of closing an XML tag is expressed
using the and() method which allows us to continue configuring the
parent. If you read the code it also makes sense. I want to configure
authorized requests and configure form login and configure HTTP Basic
authentication.
据此,你用自己的设置说如下:
- 确保对我们应用程序的任何请求都需要对用户进行身份验证,
- 只允许对指定角色的某些链接进行身份验证,
- 允许用户使用基于表单的登录进行身份验证。
你能简单解释一下为什么我们需要在 HttpSecurity 中使用 and() 方法吗
代码:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/").hasAnyRole("Employee", "Manager", "HR")
.antMatchers("/hr_info").hasRole("HR")
.antMatchers("/manager_info/**").hasRole("Manager")
.and().formLogin().permitAll();
}
spring安全reference解释如下
The Java Configuration equivalent of closing an XML tag is expressed using the and() method which allows us to continue configuring the parent. If you read the code it also makes sense. I want to configure authorized requests and configure form login and configure HTTP Basic authentication.
据此,你用自己的设置说如下:
- 确保对我们应用程序的任何请求都需要对用户进行身份验证,
- 只允许对指定角色的某些链接进行身份验证,
- 允许用户使用基于表单的登录进行身份验证。