绕过弹簧安全

时间:2013-02-22 13:13:21

标签: spring spring-security

我有一个网络服务,我希望每个人都能访问这项服务。

web.xml中的

<filter>
    <filter-name>springSecurityFilterChainRendering</filter-name>
    <filter-class>
        org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
</filter>
    <filter-mapping>
           <filter-name>springSecurityFilterChainRemoting</filter-name>
           <url-pattern>/cxf/*</url-pattern>
    </filter-mapping> 

在filters-chain-remoting.xml中

       <bean id="springSecurityFilterChainRemoting" class="org.springframework.security.util.FilterChainProxy">
    <security:filter-chain-map path-type="ant">
        <!-- Remoting: stateful WebServices; 
            httpSessionContextIntegrationFilter creates SecurityContext 
            and populates it with information obtained from the HttpSession. 
            contextFilter supplies context with 
            the current project for the current HTTP user session; 
            securityFilter authenticates the user. -->

         <security:filter-chain pattern="/cxf/KioskService/**"
            filters="none"/>

        <security:filter-chain pattern="/cxf/**"
            filters="httpSessionContextIntegrationFilter, contextFilter,securityFilter"/>

    </security:filter-chain-map>
</bean>

我该怎么做才能绕过这些过滤器,每个人都使用这项服务。服务名称KioskService

1 个答案:

答案 0 :(得分:1)

从以下位置更改web.xml过滤器映射定义:

<url-pattern>/cxf/*</url-pattern>

仅截取您想要安全的网址。