Authorization
建立了 how users will authenticate,还需要配置应用程序的授权规则。
Having established how users will authenticate, you also need to configure your application’s authorization rules.
Spring Security 中的高级授权功能是其受欢迎程度最令人信服的原因之一。无论你选择如何进行身份验证(无论是使用 Spring Security 提供的机制和提供程序,还是与容器或其他非 Spring Security 身份验证权限集成),授权服务都可以以一致且简单的方式在你的应用程序中使用。
The advanced authorization capabilities within Spring Security represent one of the most compelling reasons for its popularity. Irrespective of how you choose to authenticate (whether using a Spring Security-provided mechanism and provider or integrating with a container or other non-Spring Security authentication authority), the authorization services can be used within your application in a consistent and simple way.
您应该考虑将授权规则附加到 request URIs 和 methods 开始。在下面,还有大量有关 how Spring Security authorization works 的详细信息,以及在建立基本模型后如何对其进行微调。
You should consider attaching authorization rules to request URIs and methods to begin. Below there is also wealth of detail about how Spring Security authorization works and how, having established a basic model, it can be fine-tuned.