1. 基于xml的配置方式
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>DELETE</http-method>
<http-method>HEAD</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
</auth-constraint>
</security-constraint>
2. springboot项目,容器是jetty,版本 springboot 2.X
@Bean
public JettyServletWebServerFactory createJettyServletWebServerFactory() {
return new JettyServletWebServerFactory(){
@Override
protected void postProcessWebAppContext(WebAppContext webAppContext) {
HttpConstraintElement disable = new HttpConstraintElement(ServletSecurity.EmptyRoleSemantic.DENY);
HttpMethodConstraintElement put = new HttpMethodConstraintElement("PUT", disable);
HttpMethodConstraintElement delete = new HttpMethodConstraintElement("DELETE", disable);
HttpMethodConstraintElement head = new HttpMethodConstraintElement("HEAD", disable);
ServletSecurityElement sse = new ServletSecurityElement(Arrays.asList(put, delete, head));
List<ConstraintMapping> mappings = ConstraintSecurityHandler.createConstraintsWithMappingsForPath("disable", "/*", sse);
ConstraintSecurityHandler csh = new ConstraintSecurityHandler();
csh.setConstraintMappings(mappings);
webAppContext.setSecurityHandler(csh);
}
};
}
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)