我有一个Spring安全的网络项目。我有不同的角色,如ROLE_ADMIN、ROLE_USER、ROLE_TESTER、ROLE_ANONYMOUS不同的截取网址,如:
<intercept-url pattern="/secure/admin/**" access="ROLE_ADMIN" />
<intercept-url pattern="/secure/**" access="ROLE_USER,ROLE_ADMIN" />
<intercept-url pattern="/**" access="ROLE_ANONYMOUS,ROLE_USER,ROLE_ADMIN" />
现在,如果有人试图访问 /secure/admin/user/list.mvc,我希望他被重定向到另一个登录表单,而不是正常的:
<form-login login-processing-url="/j_spring_security_check" login-page="/start.mvc"
authentication-success-handler-ref="authenticationSuccessHandler"
authentication-failure-handler-ref="authenticationFailureHandler"
/>
有没有可能这样做?
使用Spring Security
<!-- Configure realm for system administration users -->
<security:http pattern="/secure/admin/**" create-session="stateless">
<security:intercept-url pattern="/**" access='ROLE_ADMIN' requires-channel="https" />
...form login... etc
</security:http>
<!-- Configure realm for standard users -->
<security:http auto-config="true" access-denied-page="/error/noaccess" use-expressions="true" create-session="ifRequired">
<security:form-login login-page="/login"
...
...
</security:http>