0

I'd like to use a spring bean with spring security to determine if a page should be shown. Below is a psudocode example of what I would like to do: 

<security:http use-expressions="true">
    <security:intercept-url pattern="/devlogin.html" access="someBean.isNotProduction()" />
</security:http>

I'm aware that the above doesn't work, but hopefully it functions as an example of what I'm looking for. I don't want to just tell Spring "allow access for such and such role" but rather "allow access if you're running on a test system". Am I in luck and some such solution exists, or is this not what I should expect from Spring Security? (Maybe I'll even hear from someone that having a page such as this is a big security no-no, which I'm open to criticism on.)

4

1 回答 1

0

在生产中开发(或测试)特定代码/页面在我的书中始终是不可行的,但正如我所说的,这就是我的书:)。

访问属性被解析并且可能包含一个SpEL 表达式。您发布的示例代码几乎是正确的,只需在它前面加上 @ 就可以了

security:http use-expressions="true">
  <security:intercept-url pattern="/devlogin.html" access="@someBean.isNotProduction()" />
</security:http>

这应该适用于 Spring Security 3.0 及更高版本。

可能的相关答案,尽管那是为了方法安全。

于 2013-08-23T07:09:32.030 回答