我有以下servlet定义:
<servlet>
<servlet-name>licenseGenService</servlet-name>
<servlet-class>org.springframework.web.context.support.HttpRequestHandlerServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>licenseGenService</servlet-name>
<url-pattern>/remoting/licensing</url-pattern>
</servlet-mapping>
<!-- Restful API Servlet-->
<servlet>
<servlet-name>licensingRestService</servlet-name>
<servlet-class>
com.sun.jersey.spi.spring.container.servlet.SpringServlet
</servlet-class>
<init-param>
<param-name>
com.sun.jersey.config.property.packages
</param-name>
<param-value>
com.mydomain.licensing.rest
</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>licensingRestService</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
然后是以下安全过滤器:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
因此,基于我所阅读的内容,带有/*的网址模式会被具有显式网址的人覆盖。这适用于我的servlet。事情是,我不希望licenseGenService servlet需要基本身份验证。如何将安全过滤器定义为仅应用于REST servlet,而不是licenseGenService?
答案 0 :(得分:1)
您可以在应用程序上下文xml中配置需要授权的URL。
<http use-expressions="true">
<intercept-url pattern="/remoting/licensing/**" filters="none" />
</http>
答案 1 :(得分:1)
我最终将以下内容放在我的安全应用程序上下文中:
<http pattern="/remoting/**" security="none"/>
这适用于Spring 3.1