I am fairly new to Spring Security. I am working on the following code.
<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/css/**" filters="none" />
    <intercept-url pattern="/sign" access="isAnonymous()" />
    <intercept-url pattern="/signup" access="isAnonymous()" />
    <intercept-url pattern="/panel/signin" access="isAnonymous()" />
    <intercept-url pattern="/singout" access="permitAll" />
    <intercept-url pattern="/panel/**" access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/**" access="isAuthenticated()" />
    <form-login login-page="/signin" default-target-url="/home" authentication-failure-url="/signin" />
    <logout logout-success-url="/logout" />
</http>
<authentication-manager>
    <authentication-provider user-service-ref="userLoginService">
        <password-encoder hash="plaintext"/>
    </authentication-provider>
</authentication-manager>
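I want to open signin, signup, /panel/signin and /panel/signup to anonymous users, but restrict the rest of the URLs. However, when I use this code, the browser shows an "Infinity loop" error.
When I remove one line, it works fine but does not restrict the URLs.
Can someone correct this code?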
Answer 0: (score: 1)
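When you try to access a secured URL, the application redirects you to the login page, but since /signin is also secured (the last filter, /**, makes it restricted), the application tries to redirect to the login page again and again.
Add <intercept-url pattern="/signin" filters="none" /> at the top, or use permitAll.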
<http auto-config="true" use-expressions="true">
    <!-- The login page must be matched before the catch-all /** rule below -->
    <intercept-url pattern="/signin" filters="none" />
    <intercept-url pattern="/css/**" filters="none" />
    <intercept-url pattern="/sign" access="isAnonymous()" />
    <intercept-url pattern="/signup" access="isAnonymous()" />
    <intercept-url pattern="/panel/signin" access="isAnonymous()" />
    <intercept-url pattern="/singout" access="permitAll" />
    <intercept-url pattern="/panel/**" access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/**" access="isAuthenticated()" />
    <form-login login-page="/signin" default-target-url="/home" authentication-failure-url="/signin" />
    <logout logout-success-url="/logout" />
</http>
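
Added example, not part of the original question or answer: a small Python check that resolves which intercept-url rule decides access to the form-login URLs and reports the ones an anonymous visitor cannot reach, which is the redirect-loop condition described above. The simplified Ant-pattern matcher, the trimmed sample configuration and all function names are assumptions made for this illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample based on the question's rules (no XML namespace, as on the page).
CONFIG = """<http auto-config="true" use-expressions="true">
  <intercept-url pattern="/css/**" filters="none" />
  <intercept-url pattern="/signup" access="isAnonymous()" />
  <intercept-url pattern="/panel/signin" access="isAnonymous()" />
  <intercept-url pattern="/panel/**" access="hasRole('ROLE_USER')" />
  <intercept-url pattern="/**" access="isAuthenticated()" />
  <form-login login-page="/signin" authentication-failure-url="/signin" />
</http>"""
PERMIT = '<intercept-url pattern="/signin" access="permitAll" />'
FIXED = CONFIG.replace('<intercept-url pattern="/css/**"', PERMIT + '\n  <intercept-url pattern="/css/**"')
MISORDERED = CONFIG.replace("<form-login", PERMIT + "\n  <form-login")  # rule added after /**

OPEN = {"permitAll", "isAnonymous()"}  # expressions an unauthenticated visitor satisfies
TOKENS = {"/**": "(/.*)?", "**": ".*", "*": "[^/]*", "?": "[^/]"}

def ant_to_regex(pattern):
    """Simplified Ant-style matcher: ** crosses '/', * and ? stay inside one segment."""
    parts = re.split(r"(/\*\*|\*\*|\*|\?)", pattern)
    return re.compile("".join(TOKENS.get(p, re.escape(p)) for p in parts))

def first_match(http, path):
    """Rules are evaluated in declaration order; the first matching pattern decides."""
    for rule in http.iter("intercept-url"):
        if ant_to_regex(rule.get("pattern")).fullmatch(path):
            return rule
    return None

def login_page_findings(xml_text):
    """Report form-login URLs whose deciding rule an anonymous user cannot pass."""
    http = ET.fromstring(xml_text)
    form = http.find("form-login")
    findings = []
    for attr in ("login-page", "authentication-failure-url"):
        path = (form.get(attr) or "").split("?")[0]
        rule = first_match(http, path) if path else None
        if rule is None or rule.get("filters") == "none" or rule.get("access") in OPEN:
            continue  # unmatched, unfiltered or explicitly open: no redirect loop
        findings.append((attr, path, rule.get("pattern"), rule.get("access")))
    return findings

if __name__ == "__main__":
    for name, cfg in (("original", CONFIG), ("fixed", FIXED), ("misordered", MISORDERED)):
        print(name, login_page_findings(cfg))
```

The misordered variant still reports both URLs because a permitAll rule placed after /** is never reached.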