Spring security - allow navigation but protecting some pages

StackOverflow https://stackoverflow.com/questions/23417732

Question

I would like to allow the user to navigate through the site but restrict access to some operations/pages where he must be logged in to do so. How do I achieve this using spring security configuration?

I'm not sure if spring security is the way though.

Était-ce utile?

La solution

within your spring security configuration, you can do something like this:

<intercept-url pattern="/admin/**" access="ROLE_ADMIN" requires-channel="https" />
<intercept-url pattern="/secure/**" access="ROLE_USER, ROLE_ADMIN" requires-channel="https" />
<intercept-url pattern="/**" access="permitAll" requires-channel="any" />

Then prefix all of your protected pages with /secure/. This will allow people to navigate the entire site except pages in /secure/ and /admin/

Also, instead of ROLE_USER, you can use IS_AUTHENTICATED_FULLY (as opposed to IS_AUTHENTICATED_REMEMBERED or IS_AUTHENTICATED_ANONYMOUSLY)

The requires-channel is only if you are using https, which you should be if you are trying to protect content.

Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow
scroll top