I have a single page application and i want to use spring security. In spring-security.xml file, i must give a url to prevent a user.
For example:
<security:intercept-url pattern="/#cities" access="isAuthenticated"/>
After this configuration when i try to enter without authentication
"localhost:8082/project_name/#cities"
It isn't preventing me. I can access the page.
I think, it happens because of that the URL is not real URL. There is only one page. (index.html)
How can i solve this problem? I am sorry about my bad english. Thank You!
You cannot secure Routes on the back end, as nothing after the # sign in a URL is ever sent up to the server. You can secure PAGES and ajax endpoints, but you can't secure Routes (the thing after the hash #).
In your sample url there, you can only secure the /project_name part of the URL. If you don't want people to access the /project_name/#cities, then you'll need to make that a different page.
If you want to secure the #cities views, you'll need to either stop that module from rendering to the client (make sure the .js file that contains the #cities code doesn't get sent down), or you could make it so the #cities views have to retrieve data and secure the ajax endpoints instead.
이 기사는 인터넷에서 수집됩니다. 재 인쇄 할 때 출처를 알려주십시오.
침해가 발생한 경우 연락 주시기 바랍니다[email protected] 삭제
몇 마디 만하겠습니다