Spring Security从数据库授权请求值 [英] Spring security Authorize Requests value from database
问题描述
我想在服务器启动时从数据库配置授权请求"值.目前,我在Java类文件中提供了核心价值,有什么方法可以从数据库中读取同样的内容.
I want to configure Authorize Requests value from database on server start up. Currently I am giving hard core value in Java class file, is there any way to read the same from database.
下面是示例代码:
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/resources/**", "/signup", "/about").permitAll()
.antMatchers("/admin/**").hasRole("ADMIN")
.antMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')")
.anyRequest().authenticated()
.and()
// ...
.formLogin();
}
如何从数据库读取URL,例如:/admin/**从数据库而不是类文件中的硬代码值
How to read url from database for eg : /admin/** from database instead of hard code value in class files
推荐答案
您可以使用Spring JDBC 支持.首先,您需要设置一个数据库.然后,您可以检索行并进行适当处理.
You can use Spring JDBC support. First of all you need to setup a database. Then, you can retrieve the rows and process them appropriately.
您应该有一个表,在该表中有行,并用/admin/**
和/db/**
填充一列.另一列应填充角色访问信息.之后,通过遵循本教程,您应该检索这些行.假设您具有以下实体类:
You should have a table, where you have rows and a column is filled with like /admin/**
and /db/**
. The other column should be filled with role access information. After that, by following the tutorial, you should retrieve these rows. Let's assume you have following entity class:
class Matcher {
public String name;
public String roleInfo;
}
然后,您可以遍历 Matcher
实体进行配置:
Then, you can iterate over the Matcher
entities for configuration:
http.authorizeRequests()
.antMatchers("/resources/**", "/signup", "/about").permitAll();
for (Matcher matcher : matchers) {
http.authorizeRequests().antMatchers(matcher.name).access(matcher.roleInfo);
}
http.authorizeRequests().anyRequest().authenticated()
.and()
// ...
.formLogin();
这篇关于Spring Security从数据库授权请求值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!