authorizeRequests()
时间: 2023-10-09 17:05:37 浏览: 34
authorizeRequests() is a method provided by Spring Security that allows for configuring authorization rules for HTTP requests. It is typically used in the configuration class that extends WebSecurityConfigurerAdapter.
authorizeRequests() takes no arguments and returns an object of type ExpressionUrlAuthorizationConfigurer. This object can be used to configure authorization rules for different URL patterns.
For example, the following code configures authorization rules for two different URL patterns:
```java
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/admin/**").hasRole("ADMIN")
.antMatchers("/user/**").hasAnyRole("USER", "ADMIN")
.anyRequest().authenticated()
.and()
.formLogin();
}
```
In this example, the first antMatchers() method configures authorization rules for URLs starting with "/admin/". The hasRole() method requires that the user has the "ADMIN" role to access these URLs. The second antMatchers() method configures authorization rules for URLs starting with "/user/". The hasAnyRole() method requires that the user has either the "USER" or "ADMIN" role to access these URLs. Finally, the anyRequest() method configures a default rule that requires all other URLs to be authenticated. The formLogin() method configures a login page for users to authenticate themselves.