在Spring Security中，拦截URL上未正确应用访问权限

Question

我在project-security.xml文件中编写了以下代码。

<security:http name="dbservice" pattern="/pages" use-expressions="true" entry-point-ref="WMSecAuthEntryPoint" authentication-manager-ref="authenticationManager">
        <security:intercept-url pattern="/pages/Test" access="hasAnyRole('ROLE_admin')"/>
    </security:http>

    <security:http name="common" auto-config="false" use-expressions="true" entry-point-ref="WMSecAuthEntryPoint" disable-url-rewriting="true" authentication-manager-ref="authenticationManager">
        <security:intercept-url pattern="/app.variables.json" access="isAuthenticated()"/>
        <security:intercept-url pattern="/pages/topnav/**" access="isAuthenticated()"/>
        <security:intercept-url pattern="/pages/rightnav/**" access="isAuthenticated()"/>
        <security:intercept-url pattern="/pages/leftnav/**" access="isAuthenticated()"/>
        <security:intercept-url pattern="/pages/header/**" access="isAuthenticated()"/>
        <security:intercept-url pattern="/pages/footer/**" access="isAuthenticated()"/>
        <security:intercept-url pattern="/pages/Main/**" access="isAuthenticated()"/>
        <security:intercept-url pattern="/index.html" access="isAuthenticated()"/>
        <security:request-cache ref="nullRequestCache"/>
        <security:custom-filter position="FORM_LOGIN_FILTER" ref="WMSecAuthFilter"/>
        <security:intercept-url pattern="/app.css" access="permitAll"/>
        <security:intercept-url pattern="/config.js" access="permitAll"/>
        <security:intercept-url pattern="/config.json" access="permitAll"/>
        <security:intercept-url pattern="/app.js" access="permitAll"/>
        <security:intercept-url pattern="/types.js" access="permitAll"/>
        <security:intercept-url pattern="/login.html" access="permitAll"/>
        <security:intercept-url pattern="/pages/Login/**" access="permitAll"/>
        <security:intercept-url pattern="/pages/Common/**" access="permitAll"/>
        <security:intercept-url pattern="/themes/**" access="permitAll"/>
        <security:intercept-url pattern="/resources/**" access="permitAll"/>
        <security:intercept-url pattern="/**/app/build/application/**" access="permitAll"/>
        <security:intercept-url pattern="/j_spring_security_check" access="permitAll"/>
        <security:intercept-url pattern="/services/security/**" access="permitAll"/>
        <security:intercept-url pattern="/securityService.json" access="permitAll"/>
        <security:intercept-url pattern="/" access="isAuthenticated()"/>
        <security:intercept-url pattern="/**" access="isAuthenticated()"/>
        <security:remember-me key="WM_APP_KEY" services-ref="rememberMeServices"/>
    </security:http>

问题是模式“/ pages / Test”不会受到所有用户（admin以外的用户）的限制。他们可以访问此网址。

而我放的时候      在“常见”http部分中的这一行然后它的工作原理。

请注意，我想让它在上面的场景中工作，因为我可以明智地管理我的网址。