How to add page access restrictions in spring?

P

parkito2016-09-23 13:02:44

Java

parkito, 2016-09-23 13:02:44

Hello. Help, please solve the problem.
Wrote a simple spring-based application that has 3 pages. Each page has a servlet attached to it. Like this.

@RequestMapping(value = "/home", method = RequestMethod.POST)
    public String login(@Validated Beans user, Model model) {
        model.addAttribute("userName", user);
        return "user";
    }

The problem is that the user can access each page through the browser line.
It would be desirable to have the mechanism of protection as in normal servlets. You put everything in WEB-INF and until you forward it yourself, there is no access.
How can this be done in spring? Or is it necessary to dig towards spring-security?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

M

Mikhail Osher, 2016-09-23
@parkito

I have, for example, written like this. By /users/** - there is signup, signin, signout, so everyone has access.
The rest is for registered users only. You can write other rules.

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .antMatchers("/ping", "/users/**")
                .permitAll()
            .anyRequest()
                .hasRole("USER");
    }