具有可变 URL 用户 ID 的 antMatchers Spring Security 模式 [英] antMatchers Spring Security pattern with changeable URL user ID

问题描述

我一直在寻找答案，但找不到任何有用的东西

I was looking for the answer for a long time but couldnt find anything productive

在我的休息服务中，我将一些功能保留在:/account/{id}/download 下，我想在 SecurityConfig java 文件中设置访问角色，只有 ROLE_TOKENSAVED 用户可以访问此网址

In my rest service I keep some functionality under: /account/{id}/download and I would like to set the acces ROLE in SecurityConfig java file, that only ROLE_TOKENSAVED users can access this url

当 {id} 可变时，模式应该是什么样子的?

How should the pattern look like, when {id} is changeable?

我尝试了一些正则表达式模式，但没有任何效果，以下是我的一些尝试:

I tried some regexp patterns, but nothing worked as I wanted, here are some of my attempts:

1. antMatchers("account/**/download").access(somerolehere)
2. antMatchers("account/\d/download").access(somerolehere)
3. antMatchers("account/[\d]/download").access(somerolehere)

预先感谢您的回答:)

    @Override
    protected void configure(HttpSecurity http) throws Exception {            
        http.authorizeRequests()
                .antMatchers("/admin**").access("hasRole('ROLE_ADMIN')")
                .antMatchers("/account*//**").access("hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')")
                .antMatchers("/account/\d+/download").access("hasRole('ROLE_TOKENSAVED')")
                .antMatchers("/user**").permitAll()
                //othercode...
    }

推荐答案

这对我有用:

antMatchers("/account/{\d+}/download").access("hasAnyAuthority('ROLE_TOKENSAVED')")

注意表示 ID 的路径变量周围的花括号.

Notice the curly braces around the path variable representing the ID.

这篇关于具有可变 URL 用户 ID 的 antMatchers Spring Security 模式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！