基于Spring Security注释的配置 - 基于表单的登录被绕过

时间:2014-07-20 12:54:35

标签: java spring spring-mvc spring-security

我是Spring Security的新手。我一直致力于使用弹簧安全的爱好项目。在我的应用程序中,我有REST以及页面请求映射。 我想使用httpbasic进行REST,并使用基于表单的登录进行其他。我能够为REST弹出httbasic身份验证,但它也会弹出其他请求。 以下是我基于注释的弹簧安全配置:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    @Qualifier("userDetailsService")
    UserDetailsService userDetailsService;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(
                new PlaintextPasswordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {


        // Home, Login and Logout pages are permitted to all
        http.authorizeRequests()
                .antMatchers("/home", "/rest/denied", "/rest/ping")
                    .permitAll();


        http.authorizeRequests()
            .antMatchers("/rest/**")
                .hasRole(Roles.ROLE_USER)
            .and()
                .httpBasic();

        // Authorization based calls for specific roles
        http.authorizeRequests()
            .antMatchers("/rest/user/**")
                .hasRole(Roles.ROLE_CREATE_USER)
            .antMatchers("/rest/database/**")
                .hasRole(Roles.ROLE_DB_ADMIN)
            .and().httpBasic();




        // Only authenticated users can continue
        http.authorizeRequests()
        .antMatchers("/**")
            .hasRole(Roles.ROLE_USER)
        .and().
            formLogin()
                .loginPage("/divein")
                .failureUrl("/divein?error")
                .usernameParameter("username")
                .passwordParameter("password")
                .permitAll()
        .and()
            .logout()
                .logoutUrl("/diveout")
                .logoutSuccessUrl("/divein?logout")
                .permitAll()
            .and()
                .csrf()
                .and()
                    .exceptionHandling()
                        .accessDeniedPage("/403");

    }
}

以下是日志:

18:08:37.041 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/somepage'; against '/home'
18:08:37.041 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/somepage'; against '/rest/denied'
18:08:37.041 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/somepage'; against '/rest/ping'
18:08:37.041 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/somepage'; against '/rest/**'
18:08:37.041 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/somepage'; against '/rest/user/**'
18:08:37.041 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/somepage'; against '/rest/database/**'
18:08:37.042 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request '/somepage' matched by universal pattern '/**'
18:08:37.042 [http-bio-8080-exec-52] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /somepage; Attributes: [hasRole('ROLE_USER')]
18:08:37.042 [http-bio-8080-exec-52] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9054b1a2: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1c07a: RemoteIpAddress: 127.0.0.1; SessionId: 09F57A48161AD5D009FAA9248907574F; Granted Authorities: ROLE_ANONYMOUS
18:08:37.061 [http-bio-8080-exec-52] DEBUG o.s.s.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@24c3b979, returned: -1
18:08:37.071 [http-bio-8080-exec-52] TRACE o.s.w.c.s.AnnotationConfigWebApplicationContext - Publishing event in Root WebApplicationContext: org.springframework.security.access.event.AuthorizationFailureEvent[source=FilterInvocation: URL: /somepage]
18:08:37.083 [http-bio-8080-exec-52] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83) ~[spring-security-core-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206) ~[spring-security-core-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115) ~[spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) ~[spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) ~[spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:150) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:85) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:57) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) [spring-security-web-3.2.4.RELEASE.jar:3.2.4.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) [spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261) [spring-web-4.0.6.RELEASE.jar:4.0.6.RELEASE]
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:7.0.54]
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.54]
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) [catalina.jar:7.0.54]
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) [catalina.jar:7.0.54]
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) [catalina.jar:7.0.54]
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171) [catalina.jar:7.0.54]
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [catalina.jar:7.0.54]
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) [catalina.jar:7.0.54]
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) [catalina.jar:7.0.54]
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) [catalina.jar:7.0.54]
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040) [tomcat-coyote.jar:7.0.54]
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607) [tomcat-coyote.jar:7.0.54]
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314) [tomcat-coyote.jar:7.0.54]
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [na:1.6.0_38]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [na:1.6.0_38]
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-coyote.jar:7.0.54]
    at java.lang.Thread.run(Thread.java:662) [na:1.6.0_38]
18:08:37.084 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using Ant [pattern='/**', GET]
18:08:37.084 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Request '/somepage' matched by universal pattern '/**'
18:08:37.084 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.ico']]
18:08:37.084 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.AntPathRequestMatcher - Checking match of request : '/somepage'; against '/**/favicon.ico'
18:08:37.084 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = true
18:08:37.084 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4cb8f09c, matchingMediaTypes=[application/json], useEquals=false, ignoredMediaTypes=[*/*]]]
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - httpRequestMediaTypes=[text/html, application/xhtml+xml, image/webp, application/xml;q=0.9, */*;q=0.8]
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing text/html
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith text/html = false
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing application/xhtml+xml
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith application/xhtml+xml = false
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing image/webp
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith image/webp = false
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing application/xml;q=0.9
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith application/xml;q=0.9 = false
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing */*;q=0.8
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Ignoring
18:08:37.105 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Did not match any media types
18:08:37.106 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = true
18:08:37.106 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - Trying to match using NegatedRequestMatcher [requestMatcher=RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]]
18:08:37.106 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.NegatedRequestMatcher - matches = true
18:08:37.106 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.matcher.AndRequestMatcher - All requestMatchers returned true
18:08:37.108 [http-bio-8080-exec-52] DEBUG o.s.s.w.s.HttpSessionRequestCache - DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:8080/CRMBS/somepage]
18:08:37.108 [http-bio-8080-exec-52] DEBUG o.s.s.w.a.ExceptionTranslationFilter - Calling Authentication entry point.
18:08:37.108 [http-bio-8080-exec-52] DEBUG o.s.s.w.a.DelegatingAuthenticationEntryPoint - Trying to match using MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.ContentNegotiationManager@4cb8f09c, matchingMediaTypes=[application/atom+xml, application/x-www-form-urlencoded, application/json, application/octet-stream, application/xml, multipart/form-data, text/xml], useEquals=false, ignoredMediaTypes=[*/*]]
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - httpRequestMediaTypes=[text/html, application/xhtml+xml, image/webp, application/xml;q=0.9, */*;q=0.8]
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing text/html
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/atom+xml .isCompatibleWith text/html = false
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/x-www-form-urlencoded .isCompatibleWith text/html = false
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith text/html = false
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/octet-stream .isCompatibleWith text/html = false
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/xml .isCompatibleWith text/html = false
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - multipart/form-data .isCompatibleWith text/html = false
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - text/xml .isCompatibleWith text/html = false
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing application/xhtml+xml
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/atom+xml .isCompatibleWith application/xhtml+xml = false
18:08:37.109 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/x-www-form-urlencoded .isCompatibleWith application/xhtml+xml = false
18:08:37.111 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith application/xhtml+xml = false
18:08:37.111 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/octet-stream .isCompatibleWith application/xhtml+xml = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/xml .isCompatibleWith application/xhtml+xml = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - multipart/form-data .isCompatibleWith application/xhtml+xml = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - text/xml .isCompatibleWith application/xhtml+xml = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing image/webp
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/atom+xml .isCompatibleWith image/webp = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/x-www-form-urlencoded .isCompatibleWith image/webp = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith image/webp = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/octet-stream .isCompatibleWith image/webp = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/xml .isCompatibleWith image/webp = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - multipart/form-data .isCompatibleWith image/webp = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - text/xml .isCompatibleWith image/webp = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - Processing application/xml;q=0.9
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/atom+xml .isCompatibleWith application/xml;q=0.9 = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/x-www-form-urlencoded .isCompatibleWith application/xml;q=0.9 = false
18:08:37.112 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/json .isCompatibleWith application/xml;q=0.9 = false
18:08:37.113 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/octet-stream .isCompatibleWith application/xml;q=0.9 = false
18:08:37.113 [http-bio-8080-exec-52] DEBUG o.s.s.w.u.m.MediaTypeRequestMatcher - application/xml .isCompatibleWith application/xml;q=0.9 = true
18:08:37.113 [http-bio-8080-exec-52] DEBUG o.s.s.w.a.DelegatingAuthenticationEntryPoint - Match found! Executing org.springframework.security.web.authentication.DelegatingAuthenticationEntryPoint@24cee99e
18:08:37.113 [http-bio-8080-exec-52] DEBUG o.s.s.w.a.DelegatingAuthenticationEntryPoint - Trying to match using RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]
18:08:37.113 [http-bio-8080-exec-52] DEBUG o.s.s.w.a.DelegatingAuthenticationEntryPoint - No match found. Using default entry point org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint@1bcb91e
18:08:37.113 [http-bio-8080-exec-52] DEBUG o.s.s.w.c.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
18:08:37.114 [http-bio-8080-exec-52] DEBUG o.s.s.w.c.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed

1 个答案:

答案 0 :(得分:0)

Spring Security中的HttpBasic是使用默认的标准配置进行设置。

此时,要了解有关Spring Security如何处理请求的更多信息,您可以阅读有关Spring Security FilterChain的内容。

http://docs.spring.io/spring-security/site/docs/3.0.x/reference/security-filter-chain.html