Spring MVC Security Contraint - web.xml

Question

我试图在Spring MVC上保护我的控制器路径，如下所示：

的web.xml

<web-app version="3.0"
        xmlns="http://java.sun.com/xml/ns/javaee"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
         http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
        metadata-complete="true">


    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath*:/applicationContext.xml</param-value>
    </context-param>

    <servlet>
        <servlet-name>myApp</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>myApp</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <welcome-file-list>
        <welcome-file>/welcomePage.jsp</welcome-file>
    </welcome-file-list>

    <listener>
        <listener-class>
            org.springframework.web.context.ContextLoaderListener
        </listener-class>
    </listener>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>myApp</web-resource-name>
            <url-pattern>*.do</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description>allow all users</description>
            <role-name>*</role-name>
        </auth-constraint>
        <user-data-constraint>
            <description>
                Encryption is not required for the application in general.
            </description>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <security-role>
        <description>Role to allow authentication</description>
        <role-name>INTERNET</role-name>
    </security-role>

</web-app>

myApp-servlet.xml（我不包括bean标签，所以不占用空间）

<mvc:annotation-driven />

<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <property name="prefix" value="/WEB-INF/views/"/>
    <property name="suffix" value=".jsp"/>
</bean>

<mvc:default-servlet-handler />

<import resource="classpath:applicationContext.xml"/>

我的控制器：

@Controller
public class HelloController {

    @RequestMapping(value = "/home.do", method = RequestMethod.GET)
    public ModelAndView getHome(HttpSession httpSession) {

        return new ModelAndView("home");
    }
}

我的home.jsp位于/ WEB-INF / views /

现在即使我已经登录，我也收到了home.jsp

的403状态

是否有更合适的方法来隔离控制器路径并正常返回请求的jsp？