Spring Security <http> and <intercept-url> template attributes

Question

Spring Security <http> and <intercept-url> template attributes

I saw Spring. OAuth2 security samples have this defined in spring-servlet.xml.

   <http pattern="/users/**" create-session="never" entry-point-ref="oauthAuthenticationEntryPoint"
      access-decision-manager-ref="accessDecisionManager" xmlns="http://www.springframework.org/schema/security">
    <anonymous enabled="false" />
    <intercept-url pattern="/photos" access="ROLE_USER,SCOPE_READ" />
    <intercept-url pattern="/photos/trusted/**" access="ROLE_CLIENT,SCOPE_TRUST" />
    <intercept-url pattern="/photos/user/**" access="ROLE_USER,SCOPE_TRUST" />
    <intercept-url pattern="/photos/**" access="ROLE_USER,SCOPE_READ" />
    <custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
    <access-denied-handler ref="oauthAccessDeniedHandler" />
</http>

Is the attribute patternin the tag httpvalid? I could not find his definition in spring-security-2.0.1.xsd. If so, what is the relationship of this template with the attribute intercept-url pattern? Take, for example, does the interception route have a /photos/user/**final match interception path /users/photos/user/**? Thank.

+4

spring-security spring-security-oauth2

thlim Oct 3 '14 at 10:53

source share

2 answers

spring 4 haseRole ('ADMIN'), .

.

+1

jins varghese 21 . '16 4:41

Shaun the Sheep · Accepted Answer · 2014-10-03T16:57:30+0000

pattern 3.1, . Spring 2 ( ).

intercept-url , URI , http. , , , , - , .

, /photos . , , /users/photos.

Spring Security <http> and <intercept-url> template attributes

More articles: