我有这个配置:
<bean id="customizedFilterSecurityInterceptor"
class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accesDecisionManager"/>
<property name="securityMetadataSource">
<security:filter-security-metadata-source use-expressions="true" >
<security:intercept-url pattern="/css/**" access="permitAll" />
<security:intercept-url pattern="/js/**" access="permitAll" />
<security:intercept-url pattern="/externe*.do" access="permitAll" />
<security:intercept-url pattern="/*.do" access="isAuthenticated() or isRememberMe()" />
</security:filter-security-metadata-source>
</property>
</bean>
<bean id="loginUrlAuthenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<property name="loginFormUrl">
<value>/login.jsp</value>
</property>
<property name="forceHttps">
<value>false</value>
</property>
</bean>
<bean id="externeServiceInterceptor" class="fr.global.commun.springSecurity.MySecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
...
<property name="securityMetadataSource">
<security:filter-security-metadata-source use-expressions="true" >
<security:intercept-url pattern="/externe*.do" access="isAuthenticated()" />
</security:filter-security-metadata-source>
</property>
问题是所有以/externe开头的请求都会在登录页面上重定向,如果我删除了/*.do,我就不会访问Interceptor,而是直接访问struts行动Externe *。
答案 0 :(得分:0)
xml文件中的这个条目是遗忘的:
<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map path-type="ant">
<security:filter-chain pattern="/externe*.do" filters="externeServiceInterceptor" />
</security:filter-chain-map>
</bean>