@RestController
public class ApplicationController {
@PermitAll
@RequestMapping(value = "/", method = RequestMethod.GET)
public String index() {
return "Greetings from ContextConfig Boot!";
}
@RolesAllowed({"ADMIN"})
@RequestMapping(value = "/secured", method = RequestMethod.GET)
public String secured() {
return "Secured :)";
}
}
令牌在标头“X-AUTH-TOKEN”中发送。
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(jsr250Enabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
}
}
这个实际的弹簧安全配置。当用户在标头中发送令牌和角色“ADMIN”时如何配置 Spring Security,他将被允许访问“安全”?