2015-01-16 3 views

브라우저에서 REST URL에 접근하지 못하도록 제한하는 방법과, 이를 위해 security.xml에서 필요한 변경 사항을 안내해 주시기 바랍니다. 제 웹 애플리케이션은 Spring MVC 프레임워크에서 실행됩니다. 브라우저에서 REST URL의 액세스를 제한하십시오.

<?xml version="1.0" encoding="UTF-8"?> 
<beans:beans xmlns="http://www.springframework.org/schema/security"  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:p="http://www.springframework.org/schema/p" 
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 
      http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> 

<!-- Static resource prefixes. security="none" removes these paths from the Spring
     Security filter chain altogether: no authentication, no authorization and no
     security context is applied to requests under them. Only public, non-sensitive
     files belong here; anything user-specific placed under these prefixes is
     readable by any client that knows the URL. -->
<http pattern="/images/**" security="none" /> 
<http pattern="/styles/**" security="none" /> 
<http pattern="/scripts/**" security="none" /> 
<http pattern="/assets/**" security="none" /> 


<!-- Main filter chain for everything that is not excluded by a security="none" element.
     intercept-url rules are checked top to bottom and the first matching pattern
     decides, so the specific rules must stay above the /app/** catch-all.
     auto-config="true" registers the default form login, HTTP Basic and logout
     handling, so a non-browser REST client can already send Basic credentials.
     NOTE(review): every rule here is under /app/. A request that matches no
     intercept-url is not access-controlled by this element; if REST endpoints are
     mapped outside /app/, add an explicit rule for them and consider a final
     deny-by-default pattern. Confirm against the servlet mappings.
     NOTE(review): no requires-channel attribute is set, so nothing in this file forces
     HTTPS for the login form, Basic credentials or the remember-me cookie. Confirm
     that transport security is enforced elsewhere. -->
<http auto-config="true"> 
    <intercept-url pattern="/app/admin/**" access="ROLE_ADMIN" /> 
    <!-- Account recovery endpoints: ROLE_ANONYMOUS is listed, so these are reachable
         without logging in. Throttling and enumeration-safe responses have to be
         handled in the controllers; nothing in this file provides them. -->
    <intercept-url pattern="/app/passwordHint*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER" /> 
    <intercept-url pattern="/app/requestRecoveryToken*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER, ROLE_PHYSICIAN, ROLE_PRACTICE_STAFF" /> 
    <intercept-url pattern="/app/updatePassword*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER, ROLE_PHYSICIAN, ROLE_PRACTICE_STAFF" /> 
    <!-- NOTE(review): assuming the default Ant-style matcher, a single * does not cross
         a "/" boundary. /app/signup* and /app/practice* therefore do not match
         sub-paths such as /app/practice/...; those fall through to the /app/** rule
         and are open to every role listed there. Add a /** variant if the sub-paths
         must be admin-only. -->
    <intercept-url pattern="/app/signup*" access="ROLE_ADMIN" /> 
    <intercept-url pattern="/app/practice*" access="ROLE_ADMIN"/> 
    <!-- <intercept-url pattern="/app/patientReports*" access="ROLE_ADMIN"/> -->   
    <!-- NOTE(review): ROLE_ANONYMOUS is the only role listed. With plain role names
         (no access expressions) that role is presumably held only by unauthenticated
         requests, so logged-in users would be refused here. Confirm this is intended. -->
    <intercept-url pattern="/app/mediaFile/**" access="ROLE_ANONYMOUS"/> 
    <!-- Catch-all for the application: any of the four authenticated roles. -->
    <intercept-url pattern="/app/**" access="ROLE_ADMIN, ROLE_USER, ROLE_PHYSICIAN, ROLE_PRACTICE_STAFF" /> 
    <form-login login-page="/login" authentication-failure-url="/login?error=true" login-processing-url="/j_security_check" /> 
    <!-- NOTE(review): the remember-me key is a literal in this file. The key is part
         of what makes remember-me cookies verifiable, so it should be a per-deployment
         secret supplied from outside version control, and replaced wherever this file
         has been shared or published. -->
    <remember-me user-service-ref="userDao" key="e37f4b31-0c45-11dd-bd0b-0800200c9a66" /> 
</http> 

<!-- Authentication: user records are loaded through the bean named "userDao" and
     submitted passwords are checked with the bean named "passwordEncoder".
     NOTE(review): no active bean with id "passwordEncoder" is defined in the visible
     part of this file (the only definition below is commented out), so it has to
     come from another context file. Confirm which encoder is actually wired in. -->
<authentication-manager> 
    <authentication-provider user-service-ref="userDao"> 
     <password-encoder ref="passwordEncoder"> 
     </password-encoder> 
    </authentication-provider> 
</authentication-manager> 


<!-- Override the default password-encoder (BCrypt) by uncommenting the following and changing the class --> 
<!-- <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/> --> 

<!-- Method-level authorization: calls to getUsers(..) and removeUser(..) on any type
     matching *..service.UserManager require ROLE_ADMIN. This check is separate from
     the URL rules, so it applies whichever URL or controller leads to the call
     (presumably only for beans managed by this application context; confirm).
     Only these two methods are listed; other UserManager methods are not covered
     by these pointcuts. -->
<global-method-security> 
    <protect-pointcut expression="execution(* *..service.UserManager.getUsers(..))" access="ROLE_ADMIN" /> 
    <protect-pointcut expression="execution(* *..service.UserManager.removeUser(..))" access="ROLE_ADMIN" /> 
</global-method-security> 

답변


Spring Security 매뉴얼을 읽어 보셨나요?

특정 역할만 REST URL에 접근할 수 있도록 액세스를 제한해야 합니다. 사용자가 이러한 역할을 어떻게 부여받는지는 설정에 따라 다릅니다. REST 호출의 경우 폼 로그인이 아니라 HTTP 기본(Basic) 인증을 사용하고 싶을 것입니다.
