安全访问审核 [英] Security access audit
问题描述
我有以下春季安全配置:
I have the following spring security configuration:
<security:http>
......
<security:intercept-url pattern="/auth/**" access="ROLE_ADMIN"/>
.........
</security:http>
当ROLE_ADMIN用户点击任何/ auth / **时,我想记录每个案例网址格局。
I would like to log every case when "ROLE_ADMIN" user hits any of "/auth/**" URL pattern.
我可以在这种模式上设置某种拦截器吗?
Can I put some kind of interceptor on this pattern?
推荐答案
我必须做同样的事情。使用 @Aspect
,它会在 / auth /
控制器中每次执行处理程序方法时触发。将类注释为 @Component
,使其成为一个Spring bean,添加 AspectJ
@Aspect
注释,然后您可以检查 JoinPoint
,无论用户在做什么 - 方法签名,对象等。将您发现的任何内容写入审计表。
I had to do the same thing. Use an @Aspect
which fires for every execution of a handler method in your /auth/
controller. Annotate the class as a @Component
so its a Spring bean, add the AspectJ
@Aspect
annotation, and you can then inspect the JoinPoint
for whatever the user is doing - method signature, objects, etc. Write whatever you find to an audit table.
参见 http://static.springsource.org/spring/docs/current/reference/aop.html 了解完整详情。我认为 @Before
或 @After
可以用于您的目的。
See http://static.springsource.org/spring/docs/current/reference/aop.html for full details. I would think a @Before
or @After
would work for your purposes.
这篇关于安全访问审核的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!