java Spring和Angular的安全级别,使用JHipster

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了java Spring和Angular的安全级别,使用JHipster相关的知识,希望对你有一定的参考价值。

<!-- 
Conditionally includes an HTML element if current user has any
of the authorities passed as the `expression`.
-->

<some-element *jhiHasAnyAuthority="'ROLE_ADMIN'">...</some-element>

<some-element *jhiHasAnyAuthority="['ROLE_ADMIN', 'ROLE_USER']">...</some-element>
@RestController
@RequestMapping("/api")
public class RestController {
  
  
  @PostMapping("/respostas")
  @Timed
  // set the autorization level before the access of the method
  @PreAuthorize("hasAnyAuthority('ROLE_CLIENT_TOTEM','ROLE_ADMIN')")
  public ResponseEntity<Resposta> createResposta(@Valid @RequestBody Resposta resposta) throws URISyntaxException {
    
    // ....
  }
}
@Configuration
@Import(SecurityProblemSupport.class)
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
  // ....
  
  // static resources are ignored by security
  @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring()
            .antMatchers(HttpMethod.OPTIONS, "/**")
            .antMatchers("/app/**/*.{js,html}")
            .antMatchers("/i18n/**")
            .antMatchers("/content/**")
            .antMatchers("/swagger-ui/index.html")
            .antMatchers("/test/**")
            .antMatchers("/h2-console/**");
    }
    
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class)
            .exceptionHandling()
            .authenticationEntryPoint(problemSupport)
            .accessDeniedHandler(problemSupport)
        .and()
            .csrf()
            .disable()
            .headers()
            .frameOptions()
            .disable()
        .and()
            .sessionManagement()
            .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
        .and()
            .authorizeRequests()
            // set access privileges at a lower level here
            // define the api's address and the level of security
            .antMatchers("/api/register").denyAll()
            .antMatchers("/api/activate").permitAll()
            .antMatchers("/api/authenticate").permitAll()
            .antMatchers("/api/account/reset-password/init").permitAll()
            .antMatchers("/api/account/reset-password/finish").permitAll()
            .antMatchers("/api/profile-info").permitAll()
            .antMatchers("/api/**").authenticated()
            .antMatchers("/websocket/tracker").hasAuthority(AuthoritiesConstants.ADMIN)
            .antMatchers("/websocket/**").permitAll()
            .antMatchers("/management/health").permitAll()
            .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN)
            .antMatchers("/v2/api-docs/**").permitAll()
            .antMatchers("/swagger-resources/configuration/ui").permitAll()
            .antMatchers("/swagger-ui/index.html").hasAuthority(AuthoritiesConstants.ADMIN)
        .and()
            .apply(securityConfigurerAdapter());

    }

以上是关于java Spring和Angular的安全级别,使用JHipster的主要内容,如果未能解决你的问题,请参考以下文章

发布请求不适用于 Spring 安全性和 Angular 5

使用 Java 配置和 Spring Security 3.2 的安全方法注释

如何使用 Rest 和 Spring 安全性通过 ldap 登录 Angular?

无法理解 JWT 和 Java (Spring Boot)。这个应用程序安全吗?

在 Jersey 和 Spring SAML 安全 SSO 验证之后路由到 Angular 组件

Spring 安全性和 Angular javascript 重定向到登录页面