Spring Security Application Development (16) expression-based access control

Source: Internet
Author: User

1.1.1. General Expressions

Spring Security uses Spring EL-based expressions for access control. The built-in expressions are shown in the following table:

| Expression | Description |
| --- | --- |
| hasRole(role) | Whether the current principal has the given role; returns true if it does. |
| hasAnyRole(role1, role2) | Whether the current principal has any of the roles role1, role2. |
| hasAuthority(authority) | Similar to hasRole(role). |
| hasAnyAuthority(authority1, authority2) | Similar to hasAnyRole(role1, role2). |
| principal | Gets the principal of the current login; not a boolean. |
| authentication | Gets the current Authentication object; not a boolean. |
| permitAll | Always returns true. |
| denyAll | Always returns false. |
| isAnonymous() | Whether the current principal is an anonymous user. |
| isRememberMe() | Whether the current principal is a "Remember Me" user, that is, a user who is authenticated but not fully authenticated. |
| isAuthenticated() | Whether the current principal is a non-anonymous user. |
| isFullyAuthenticated() | Whether the current principal is neither an anonymous user nor a "Remember Me" user. |
| hasPermission(Object target, Object permission) | Whether the current principal has the given permission on the target object. |
| hasPermission(Object targetId, String targetType, Object permission) | Whether the current principal has the given permission on the object with id targetId and type targetType. |

Note:

1. Role names start with ROLE_ by default. The value of this prefix is determined by the defaultRolePrefix property of the DefaultWebSecurityExpressionHandler class.

2. In Spring Security 4, the role passed to hasRole(role) can be written with the ROLE_ prefix or without it; when the prefix is omitted, Spring Security adds the ROLE_ prefix automatically. hasAuthority(authority)

3. In Spring Security 4, hasRole() and hasAuthority() in fact have the same meaning. Both are methods of the SecurityExpressionRoot class, and both eventually call the hasAnyAuthorityName() method.

1.1.2. Web Expressions

Spring Security 4 provides the following web-specific expressions.

| Expression | Description |
| --- | --- |
| hasIpAddress(ip/netmask) | Whether the client address matches the IP address and netmask in the parameter. |

Note:

1. In the web-specific expression, ip is a dotted-decimal IP address string and netmask is a value from 1 to 32.

The actual matching is implemented in IpAddressMatcher: the client IP address and the IP address in the matching parameter are converted to 4 1

The configuration below allows access to /admin/ URLs only for the admin role and only from 127.0.0.1. Access through localhost may arrive over IPv6 rather than from 127.0.0.1, so access it using the 127.0.0.1 IP address.

<intercept-url pattern="/admin/**" access="hasIpAddress('127.0.0.1/24') and hasRole('ROLE_ADMIN')"/>
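To see which clients an ip/netmask rule such as the one in this configuration admits, the following added example (not code from the original page and not Spring Security's IpAddressMatcher source) compares the leading mask bits of two addresses. The class name IpMaskDemo, the matches() helper and the sample client addresses are assumptions made for the illustration.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;

// Added illustration: a stand-alone prefix matcher, not Spring Security's own code.
public class IpMaskDemo {

    // True when 'client' shares the first N bits with the address in 'rule'
    // ("ip/N", or a bare "ip" meaning an exact match).
    // Assumes both inputs are literal IP addresses, so getByName() only parses
    // them and performs no DNS lookup.
    static boolean matches(String rule, String client) throws UnknownHostException {
        String[] parts = rule.split("/");
        byte[] required = InetAddress.getByName(parts[0]).getAddress();
        byte[] remote = InetAddress.getByName(client).getAddress();
        if (required.length != remote.length) {
            return false; // an IPv4 rule never matches an IPv6 client, and vice versa
        }
        int bits = parts.length > 1 ? Integer.parseInt(parts[1]) : required.length * 8;
        if (bits < 0 || bits > required.length * 8) {
            throw new IllegalArgumentException("mask out of range: " + rule);
        }
        int fullBytes = bits / 8;
        for (int i = 0; i < fullBytes; i++) {
            if (required[i] != remote[i]) {
                return false; // a whole byte inside the mask differs
            }
        }
        int rest = bits % 8;
        if (rest == 0) {
            return true; // mask ends on a byte boundary
        }
        int mask = (0xFF << (8 - rest)) & 0xFF; // high 'rest' bits of the next byte
        return (required[fullBytes] & mask) == (remote[fullBytes] & mask);
    }

    public static void main(String[] args) throws UnknownHostException {
        // Constructed sample client addresses.
        String[] clients = {"127.0.0.1", "127.0.0.200", "127.0.1.1", "::1"};
        for (String rule : new String[] {"127.0.0.1/24", "127.0.0.1/32"}) {
            for (String client : clients) {
                System.out.printf("%-14s %-12s %b%n", rule, client, matches(rule, client));
            }
        }
    }
}
```

With /24 the rule accepts every address from 127.0.0.0 to 127.0.0.255, while /32 accepts only 127.0.0.1. The IPv6 loopback ::1 matches neither rule, which is why a request made through localhost can be rejected.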
