我目前正在用spring-bot为我的小API实现安全,作为一个项目,当然没什么大不了的,但我想管理一些角色和东西。我一直在尝试添加.antMatchers(url(.hasRole(someRole(…更多的蚂蚁匹配器
当测试登录实际显示错误时(类型=禁止,状态=403(。
这是一些代码
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception{
auth.userDetailsService(userDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/control").hasRole("ADMIN")
.antMatchers("/", "/index","/img/*.jpg","/*.js","/*.css").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.permitAll();
}
@Bean
public PasswordEncoder getPasswordEncoder(){
return NoOpPasswordEncoder.getInstance();
}
只是一个控制器,显示我的控制面板CRUD我的动物:p
@Controller
@RequestMapping("/control")
public class AdminController {
@Autowired
private AnimalService animalService;
@RequestMapping
public String getAnimals(Model model) {
List<Animal> animals = animalService.getAnimals();
List<Animal> cats = new ArrayList<Animal>();
List<Animal> dogs = new ArrayList<Animal>();
List<Animal> bunnys = new ArrayList<Animal>();
List<Animal> rats = new ArrayList<Animal>();
animals.forEach(animal -> {
animal.setStr(Base64.getEncoder().encodeToString(animal.getImg()));
if (animal.getType().equals("cat")) {
cats.add(animal);
}
if (animal.getType().equals("dog")) {
dogs.add(animal);
}
if (animal.getType().equals("bunny")) {
bunnys.add(animal);
}
if (animal.getType().equals("rat")) {
rats.add(animal);
}
});
model.addAttribute("cats", cats);
model.addAttribute("dogs", dogs);
model.addAttribute("bunnys", bunnys);
model.addAttribute("rats", rats);
return "control";
}
}
我希望你们能帮助我,我是初来乍到的春天。
DB元组
回复:这很简单,只需将角色保存在de DB中,如下所示:角色_角色名称