在Spring Security中使用参数访问URL [英] Accessing URL with params in Spring Security
本文介绍了在Spring Security中使用参数访问URL的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我是Spring Security的新手,在使用路径变量或参数验证特定的URL时遇到问题.
I am new in Spring Security and have an issue with authenticating specific URLs with path variables or parameters.
假设我有一些网址:/messages/1其中1是用户的ID.
Let's say I have some URL: /messages/1 where 1 is an user's ID.
我想做的是仅允许ID = 1的用户使用此URL访问页面.
What I want to do is to let ONLY user with ID=1 accessing page with this URL.
如果用户通过了身份验证,Spring Security允许访问某些内容,但是如何使身份验证更狭窄?
Spring Security allows accessing some content if user is authenticated, but how can I make authentication more narrow?
推荐答案
假定您在UserDetails中具有id属性:
@RequestMapping(value="/messages/{userId}", method=HttpMethod.GET)
@PreAuthorize("#userId == authentication.principal.id")
public List<Message> getMessages(@PathVariable String userId) {
// retrieve from DAO here
}
确保在安全配置中启用了前/后注释.
Make sure you have enabled pre/post-annotations in your security config.
这篇关于在Spring Security中使用参数访问URL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
