Spring-security cannot match "?parameter" format?


Question

I use spring-security to secure my web application, and I'm learning it from the spring-roo generated config file applicationContext-security.xml. In the <http> node:

 <intercept-url pattern="/userses?form" access="hasRole('ROLE_ADMIN')" />

It means that when you want to create a Users object, you first need to log in to get ADMIN permission. But actually it didn't work. Checking the log:

2012-05-06 11:39:11,250 [http-8088-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/userses'; against '/userses?form'

The framework uses /userses instead of /userses?form for the comparison, so the authentication process was skipped because the strings didn't match. To verify this I also tried another URL:

<intercept-url pattern="/userses/abc" access="hasRole('ROLE_ADMIN')" />

I requested /userses/abc; it detected that the user was not authorized and moved to the /login page. I checked the log:

2012-05-06 11:46:44,343 [http-8088-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/uesrses/abc'; against '/userses/abc'

So my question is: does spring-security 3 not support the "?parameter" pattern, or did I miss some configuration needed to support this? PS: All the code is generated by roo without modification, so I also wonder why it doesn't work.

Recommended answer

By default Spring Security uses Ant-style matching, which can't match on parameters. Regex matching, however, can match on parameters.

Try defining it like this:

<http request-matcher="regex">
  <!-- regex patterns are matched against the path plus "?" and the query string -->
  <intercept-url pattern="\A/userses\?form.*\Z" access="hasRole('ROLE_ADMIN')" />
</http>

Don't know why Roo doesn't do this automatically. Seems like it should.
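The difference between the two matchers can be checked directly, as an added example that is not part of the original question or answer. It assumes Spring Security 3.1.x (the `org.springframework.security.web.util` package seen in the log above) plus spring-test and the Servlet API on the classpath; the class name `MatcherComparison` and the sample requests are constructed for illustration.

```java
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.web.util.AntPathRequestMatcher;
import org.springframework.security.web.util.RegexRequestMatcher;
import org.springframework.security.web.util.RequestMatcher;

public class MatcherComparison {

    // Builds a constructed GET request the way the container presents it:
    // the query string is held separately from the servlet path.
    static MockHttpServletRequest get(String servletPath, String query) {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setMethod("GET");
        request.setServletPath(servletPath);
        request.setQueryString(query);
        return request;
    }

    public static void main(String[] args) {
        // Pattern from the question: the Ant matcher only ever sees the path,
        // and '?' in an Ant pattern is a single-character wildcard.
        RequestMatcher ant = new AntPathRequestMatcher("/userses?form");
        // Pattern from the answer: the regex matcher sees path + "?" + query.
        // A null HTTP method means the rule applies to every method.
        RequestMatcher regex = new RegexRequestMatcher("\\A/userses\\?form.*\\Z", null);

        String[][] samples = {            // constructed sample requests
            {"/userses", "form"},         // the Roo "create" form URL
            {"/userses", null},           // list view, no query string
            {"/userses", "page=1&form"},  // "form" is not the first parameter
            {"/usersesXform", null},      // path that fits the Ant wildcard
        };
        for (String[] s : samples) {
            MockHttpServletRequest r = get(s[0], s[1]);
            System.out.printf("%-14s query=%-12s ant=%-5b regex=%b%n",
                    s[0], s[1], ant.matches(r), regex.matches(r));
        }
    }
}
```

The rows show which requests each rule actually covers, including that the regex rule is tied to `form` being the first thing in the query string, so parameter-based URL rules should be reviewed for coverage. Note also that `request-matcher="regex"` applies to every `intercept-url` in that `<http>` element, so any existing Ant patterns there have to be rewritten as regular expressions.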
