Fix typo in the 'Authorizing Requests' example
The example request matcher listed "/resources/**", while the explanation (3) used "/static/" instead.
This commit is contained in:
aaron-to-go
Marcus Hert Da Coregio
parent
ba851266c5
commit
d99e98515c
|
|
@ -749,7 +749,7 @@ SecurityFilterChain web(HttpSecurity http) throws Exception {
|
||||||
Each rule is considered in the order they were declared.
|
Each rule is considered in the order they were declared.
|
||||||
<2> Dispatches `FORWARD` and `ERROR` are permitted to allow {spring-framework-reference-url}web.html#spring-web[Spring MVC] to render views and Spring Boot to render errors
|
<2> Dispatches `FORWARD` and `ERROR` are permitted to allow {spring-framework-reference-url}web.html#spring-web[Spring MVC] to render views and Spring Boot to render errors
|
||||||
<3> We specified multiple URL patterns that any user can access.
|
<3> We specified multiple URL patterns that any user can access.
|
||||||
Specifically, any user can access a request if the URL starts with "/resources/", equals "/signup", or equals "/about".
|
Specifically, any user can access a request if the URL starts with "/static/", equals "/signup", or equals "/about".
|
||||||
<4> Any URL that starts with "/admin/" will be restricted to users who have the role "ROLE_ADMIN".
|
<4> Any URL that starts with "/admin/" will be restricted to users who have the role "ROLE_ADMIN".
|
||||||
You will notice that since we are invoking the `hasRole` method we do not need to specify the "ROLE_" prefix.
|
You will notice that since we are invoking the `hasRole` method we do not need to specify the "ROLE_" prefix.
|
||||||
<5> Any URL that starts with "/db/" requires the user to have both been granted the "db" permission as well as be a "ROLE_ADMIN".
|
<5> Any URL that starts with "/db/" requires the user to have both been granted the "db" permission as well as be a "ROLE_ADMIN".
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue