Question

我需要做什么才能不要求在主页上登录？这是applicationContext-Security.xml

的一部分

<http auto-config="true" use-expressions="true">
    <form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" />
    <logout logout-url="/resources/j_spring_security_logout" />
    <!-- Configure these elements to secure URIs in your application -->
    <intercept-url pattern="/choices/**" access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/member/**" access="isAuthenticated()" />
    <intercept-url pattern="/resources/**" access="permitAll" />
    <intercept-url pattern="/login/**" access="permitAll" />
    <intercept-url pattern="/**" access="isAuthenticated()" />
</http>

Answer 1

你试过这个吗？

<http pattern="/home" security='none' />

将其与您的标记放在同一级别

Answer 2

尝试这样的事情：

<http auto-config="true" use-expressions="true">
    <form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" />
    <logout logout-url="/resources/j_spring_security_logout" />
    <!-- Configure these elements to secure URIs in your application -->
    <intercept-url pattern="/choices/**" access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/member/**" access="isAuthenticated()" />
    <intercept-url pattern="/resources/**" access="permitAll" />
    <intercept-url pattern="/login/**" access="permitAll" />
    <intercept-url pattern="/index" access="permitAll" /> <!-- new -->
    <intercept-url pattern="/" access="permitAll" /> <!-- new -->
    <intercept-url pattern="/**" access="isAuthenticated()" />
</http>

intercep-url按顺序进行评估并使用第一个匹配权限。因此，如果在“/ **”之前添加“/ index”和“/”模式，则将应用此匹配。

Spring Security无需登录

2 个答案: