我想要的鑑別添加到我的RestController,但我不能找到任何好的文件或與Java配置任何樣品。Spring安全方法級別安全與Java配置+ REST身份驗證?
我試過,但它不工作(我可以訪問,而無需登錄的所有請求)
我的控制器都被註解@PreAuthorize
@RestController
@RequestMapping("/api/hello")
public class HelloController {
@RequestMapping(value = "/say", method = RequestMethod.GET)
public String sayHello() {
return "hello";
}
@PreAuthorize("hasRole('ROLE_USER')")
@RequestMapping(value = "/say/user", method = RequestMethod.GET)
public String sayHelloWithUserProtection(){
return "Hello USER";
}
@PreAuthorize("hasRole('ROLE_ADMIN')")
@RequestMapping(value = "/say/admin", method = RequestMethod.GET)
public String sayHelloWithAdminrProtection(){
return "Hello ADMIN";
}
}
SecurityConfig
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@ComponentScan(basePackages = {"com.test.server.security"})
public class SecurityConfig {
@Autowired
public void configureAuthentification(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER").and()
.withUser("admin").password("admin").roles("USER","ADMIN");
}
@Configuration
public static class ApiWebConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/api/**")
.formLogin();
}
}
}
SecurityWebApplicationInitializer
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
}
我該如何讓它工作?
而有任何好的教程,使基於REST令牌(令牌,該令牌保存會話密鑰和其他自定義值)與JPA(或JDBC?)與Java的配置保存在數據庫認證?
我不明白,你能詳細解釋一下嗎?,我從web.xml開始我的Spring配置 – pazfernando 2015-11-27 00:08:19