如何使用< sec:authorize access =" hasRole('ROLES)">用于检查多个角色? [英] How to use <sec:authorize access="hasRole('ROLES)"> for checking multiple Roles?
问题描述
我希望使用Spring Security JSP taglib基于角色有条件地显示一些内容。
但是在Spring Security 3.1.x中只检查一个角色。
I want to display some content conditionally based on Roles using Spring Security JSP taglibs. But in Spring Security 3.1.x is checking for only one role.
我可以使用但 ifAllGranted 已被弃用。
I can use but ifAllGranted is deprecated.
任何帮助?
推荐答案
spring security中有一个特殊的安全表达式:
There is a special security expression in spring security:
hasAnyRole(角色列表) - 如果用户被授予任何
,则为true指定的角色(以逗号分隔的字符串列表给出)。
hasAnyRole(list of roles) - true if the user has been granted any of the roles specified (given as a comma-separated list of strings).
我从未使用它,但我认为它正是您正在寻找。
I have never used it but I think it is exactly what you are looking for.
示例用法:
<security:authorize access="hasAnyRole('ADMIN', 'DEVELOPER')">
...
</security:authorize>
这是指向参考文档的链接,其中描述了标准的spring安全表达式。另外,这里有一个讨论其中我描述了如何在需要时创建自定义表达式。
Here is a link to the reference documentation where the standard spring security expressions are described. Also, here is a discussion where I described how to create custom expression if you need it.
这篇关于如何使用< sec:authorize access =" hasRole('ROLES)">用于检查多个角色?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!