问题
What is the difference between WebExpressionVoter and AuthenticatedVoter in spring security? What I know is AuthenticatedVoter will search for strings IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_REMEMBERED (cookie) and vote for yes in corresponding cases. But I am not sure of WebExpressionVoter even afetr reading available spring docs. Please any one explain me about WebExpressionVoter. Thanks in advance.
回答1:
Take a look at Web Security Expressions.
The WebExpressionsVoter is enabled by the use-expressions="true" setting on http element config. For example:
<http use-expressions="true">
<intercept-url pattern="/admin*" access="hasRole('admin')"/>
...
</http>
The above example allows you to use SpEL expressions in the intercept-url element attribute access. The expression hasRole('admin') expression is evaluated against an expression root object, for example, a base class of SecurityExpressionRoot -> WebSecurityExpressionRoot
来源:https://stackoverflow.com/questions/36975740/difference-between-webexpressionvoter-and-authenticatedvoter-in-spring-security