0
所有的角色這是我的彈簧security.xml文件拒絕訪問特定的網址,在春季安全
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/dashboard.htm" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_DEMO')"/>
<intercept-url pattern="/dash/*" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_DEMO')"/>
<form-login login-page="/index.htm"
default-target-url="/dashboard.htm"
authentication-failure-url="/loginfailed.htm" />
<logout logout-success-url="/logout.htm" invalidate-session="true" />
</http>
<beans:bean id="customUserService" class="edu.am.bigdata.web.service.impl.CustomUserServiceImpl"></beans:bean>
<authentication-manager>
<authentication-provider user-service-ref="customUserService">
<password-encoder hash="md5"> </password-encoder>
</authentication-provider>
</authentication-manager>
</beans:beans>
如何防止訪問一個特定的URL ??? 我有一些控制功能(即)網址 - /儀表/ *,/算法中/ *
我需要即使用戶擁有任何作用,防止這個網址並顯示爲拒絕訪問只有當他直接訪問這些網址。但是我的web應用程序在內部使用這個URL。 如果我像localhost:8080/MyApp/dash/viz.htm手動鍵入此URL,則應顯示訪問被拒絕。對於任何角色,這些URL不應該被訪問..我該怎麼做?