0
所有的角色这是我的弹簧security.xml文件拒绝访问特定的网址,在春季安全
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/dashboard.htm" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_DEMO')"/>
<intercept-url pattern="/dash/*" access="hasAnyRole('ROLE_USER','ROLE_ADMIN','ROLE_DEMO')"/>
<form-login login-page="/index.htm"
default-target-url="/dashboard.htm"
authentication-failure-url="/loginfailed.htm" />
<logout logout-success-url="/logout.htm" invalidate-session="true" />
</http>
<beans:bean id="customUserService" class="edu.am.bigdata.web.service.impl.CustomUserServiceImpl"></beans:bean>
<authentication-manager>
<authentication-provider user-service-ref="customUserService">
<password-encoder hash="md5"> </password-encoder>
</authentication-provider>
</authentication-manager>
</beans:beans>
如何防止访问一个特定的URL ??? 我有一些控制功能(即)网址 - /仪表/ *,/算法中/ *
我需要即使用户拥有任何作用,防止这个网址并显示为拒绝访问只有当他直接访问这些网址。但是我的web应用程序在内部使用这个URL。 如果我像localhost:8080/MyApp/dash/viz.htm手动键入此URL,则应显示访问被拒绝。对于任何角色,这些URL不应该被访问..我该怎么做?