具有多个角色的Spring安全性访问 [英] Spring security access with multiple roles
问题描述
我想为具有以下角色之一(ROLE1或ROLE2)的用户定义某些页面的访问权限
I want to define access for some pages for user who has one of following roles (ROLE1 or ROLE2)
我正在尝试在我的spring security xml文件中进行如下配置:
I'm trying to configure this in my spring security xml file as following:
<security:http entry-point-ref="restAuthenticationEntryPoint" access-decision-manager-ref="accessDecisionManager" xmlns="http://www.springframework.org/schema/security" use-expressions="true">
<!-- skipped configuration -->
<security:intercept-url pattern="/rest/api/myUrl*" access="hasRole('ROLE1') or hasRole('ROLE2')" />
<!-- skipped configuration -->
</security:http>
我尝试了多种方式,例如:
I've tried various ways like:
access="hasRole('ROLE1, ROLE2')"
access="hasRole('ROLE1', 'ROLE2')"
access="hasAnyRole('[ROLE1', 'ROLE2]')"
等
但似乎没有任何作用.
我一直都在例外
java.lang.IllegalArgumentException: Unsupported configuration attributes:
或
java.lang.IllegalArgumentException: Failed to parse expression 'hasAnyRole(['ROLE1', 'ROLE2'])'
应如何配置?
谢谢
推荐答案
问题是我配置了自定义access-decision-manager-ref="accessDecisionManager"
并没有通过其中一位选民.
The problem was that I configured custom access-decision-manager-ref="accessDecisionManager"
and didn't pass one of the voters.
通过在accessDecisionManager
bean中添加org.springframework.security.web.access.expression.WebExpressionVoter
来解决.
Solved by adding org.springframework.security.web.access.expression.WebExpressionVoter
to accessDecisionManager
bean.
这篇关于具有多个角色的Spring安全性访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!