安全访问审核 [英] Security access audit

问题描述

我有以下春季安全配置：

I have the following spring security configuration:

 <security:http>
   ......
     <security:intercept-url pattern="/auth/**"  access="ROLE_ADMIN"/>
   ......... 
</security:http>

当ROLE_ADMIN用户点击任何/ auth / **时，我想记录每个案例网址格局。

I would like to log every case when "ROLE_ADMIN" user hits any of "/auth/**" URL pattern.

我可以在这种模式上设置某种拦截器吗？

Can I put some kind of interceptor on this pattern?

推荐答案

我必须做同样的事情。使用 @Aspect ，它会在 / auth / 控制器中每次执行处理程序方法时触发。将类注释为 @Component ，使其成为一个Spring bean，添加 AspectJ @Aspect 注释，然后您可以检查 JoinPoint ，无论用户在做什么 - 方法签名，对象等。将您发现的任何内容写入审计表。

I had to do the same thing. Use an @Aspect which fires for every execution of a handler method in your /auth/ controller. Annotate the class as a @Component so its a Spring bean, add the AspectJ @Aspect annotation, and you can then inspect the JoinPoint for whatever the user is doing - method signature, objects, etc. Write whatever you find to an audit table.

参见 http://static.springsource.org/spring/docs/current/reference/aop.html 了解完整详情。我认为 @Before 或 @After 可以用于您的目的。

See http://static.springsource.org/spring/docs/current/reference/aop.html for full details. I would think a @Before or @After would work for your purposes.

这篇关于安全访问审核的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！