Spring Security, Boot: Security Rules not working as expected

0 votes
Asked by user: (120 points)

I am very new to Spring Boot and I am trying to implement Spring Security and session management using Spring Boot in my application.

  1. I want to restrict all the URLs entered without logging into the application

  2. I want to restrict direct page access from the static folder, but now I can access the index.html page without logging into the application. Example: localhost:8080/view/pages/index.html

  3. I want to know when exactly the security class gets called

The Spring Security version that I use is 1.5.3.RELEASE. Can anyone please tell me how I can achieve Spring Security rules and session management? Thanks in advance for helping.

The following is my code, added in a security config class extending WebSecurityConfigurerAdapter:

public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    private UserDetailsService userDetailsService;

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
            // ... (the start of the chain is cut off in the post)
            .logout()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .and()
            // Session rules: at most one session per user, a second login is refused
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                .maximumSessions(1)
                    .expiredUrl("/sessionExpired")
                    .maxSessionsPreventsLogin(true);
    }

    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // ... (the body is cut off in the post)
    }
}
Comment by user: (100 points)
Please ask a question. Also describe what the result of your code is (maybe output if needed)


0 votes
Answered by user: (140 points)

Try this code, and here the "ADMIN" is a role. It can be "ROLE_ADMIN" in Spring, based on how you want to configure the roles.

        httpSecurity.authorizeRequests()
        .antMatchers("/", "/login.html", "/logout.html").permitAll()
        .antMatchers("/index.html").hasAnyRole("ADMIN")
        .and().formLogin().loginPage("/login.html").failureUrl("/login.html").defaultSuccessUrl("/index.html");
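
A complete configuration covering the question's three points, as an added example (not the asker's or the answerer's code). It assumes the WebSecurityConfigurerAdapter API shown in the question, the static page path /view/pages/index.html from the question, and the "ADMIN" role and /login.html page from the answer.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

// The class must be registered as a Spring configuration that component
// scanning can find; otherwise configure() is never invoked and no rule applies.
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Invoked once at application startup to build the security filter chain;
    // the resulting filters then run on every incoming HTTP request.
    // Paths and the role name are assumptions taken from the question and answer.
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Rules are evaluated top to bottom; the first matching rule wins.
                .antMatchers("/login.html", "/sessionExpired").permitAll()
                .antMatchers("/view/pages/index.html").hasRole("ADMIN")
                // Catch-all, must come last: static pages are covered as well.
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login.html")
                .failureUrl("/login.html")
                .defaultSuccessUrl("/view/pages/index.html")
                .permitAll()
                .and()
            .logout()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .and()
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                .maximumSessions(1)
                    .expiredUrl("/sessionExpired")
                    .maxSessionsPreventsLogin(true);
    }
}
```

With CSRF protection left at its default (enabled), the login form has to submit the CSRF token, which a purely static login.html cannot render. With maxSessionsPreventsLogin(true), register an HttpSessionEventPublisher so that ended sessions are removed from the session registry and the user is not locked out of logging in again.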