问题
I have the following spring security configuration:
<security:http>
......
<security:intercept-url pattern="/auth/**" access="ROLE_ADMIN"/>
.........
</security:http>
I would like to log every case when "ROLE_ADMIN" user hits any of "/auth/**" URL pattern.
Can I put some kind of interceptor on this pattern?
回答1:
I had to do the same thing. Use an @Aspect which fires for every execution of a handler method in your /auth/ controller. Annotate the class as a @Component so its a Spring bean, add the AspectJ @Aspect annotation, and you can then inspect the JoinPoint for whatever the user is doing - method signature, objects, etc. Write whatever you find to an audit table.
See http://static.springsource.org/spring/docs/current/reference/aop.html for full details. I would think a @Before or @After would work for your purposes.
来源:https://stackoverflow.com/questions/6810067/security-access-audit