...
Below, a FilterSecurityInterceptor
is defined along with an AccessDecisionManager
. The two beans are associated through the accessDecisionManager
property. The objectDefinitionSource
property associates URL patterns with the role required to view pages that match the URL pattern. RoleVoter
specifies that if any role on the right hand side of the equals is granted to the user, the user may view any page that matches that URL pattern.
Code Block |
---|
| xml |
---|
| xml |
---|
title | applicationContext-spring-security.xmlxml |
---|
|
<bean id="filterInvocationInterceptor"
class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager">
<ref local="authenticationManager" />
</property>
<property name="accessDecisionManager">
<ref local="httpRequestAccessDecisionManager" />
</property>
<property name="objectDefinitionSource">
<value>
<![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
// some lines omitted
\A/login.*\Z=Anonymous,Authenticated
\A/admin.*\Z=Admin
// some lines omitted
\A/logout.*\Z=Anonymous
\A/.*\Z=Authenticated
]]>
</value>
</property>
</bean>
<bean id="httpRequestAccessDecisionManager"
class="org.springframework.security.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false" />
<property name="decisionVoters">
<list>
<ref bean="roleVoter" />
</list>
</property>
</bean>
|
Code Block |
---|
| xml |
---|
| xml |
---|
title | applicationContext-common-authorization.xmlxml |
---|
|
<bean id="roleVoter" class="org.springframework.security.vote.RoleVoter">
<property name="rolePrefix" value="" />
</bean>
|