这是我的 spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/dashboard.htm" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_DEMO')"/>
<intercept-url pattern="/dash/*" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_DEMO')"/>
<form-login login-page="/index.htm"
default-target-url="/dashboard.htm"
authentication-failure-url="/loginfailed.htm" />
<logout logout-success-url="/logout.htm" invalidate-session="true" />
</http>
<beans:bean id="customUserService" class="edu.am.bigdata.web.service.impl.CustomUserServiceImpl"></beans:bean>
<authentication-manager>
<authentication-provider user-service-ref="customUserService">
<password-encoder hash="md5"> </password-encoder>
</authentication-provider>
</authentication-manager>
</beans:beans>
如何防止访问一个特定的网址???我有一些控制器功能(即)网址 - /dash/* , /algo/*
即使用户拥有任何角色,我也需要阻止此 url,并且仅当他直接访问这些 url 时才将其显示为拒绝访问。但我的 Web 应用程序在内部使用此 URL。如果我像 localhost:8080/MyApp/dash/viz.htm 一样手动输入这个 url,这应该显示访问被拒绝。对于任何角色,不应访问这些 url。我该怎么做?