我有一个使用spring 3.2.8.RELEASE和spring security 3.2.3.RELEASE的应用程序。我想更新版本以便更准时。我已将spring更改为4.1.6.RELEASE和security 4.0.1.RELEASE。之后在我的context.xml中显然更改名称空间,所以我做了例如
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd至http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
现在,当我想登录我的应用程序时,我有403错误 - 未经授权。 但是在context.xml中我觉得配置是正确的
<security:intercept-url pattern="/rest/user/authenticate" access="permitAll"/>
context.xml中的完整安全配置
<security:http
realm="Protected API"
use-expressions="true"
auto-config="false"
create-session="always"
entry-point-ref="unauthorizedEntryPoint"
authentication-manager-ref="authenticationManager">
<security:custom-filter ref="authenticationTokenProcessingFilter" position="FORM_LOGIN_FILTER" />
<security:intercept-url pattern="/rest/user/authenticate" access="permitAll" />
<security:intercept-url method="GET" pattern="/rest/news/**" access="hasRole('user')" />
<security:intercept-url method="PUT" pattern="/rest/news/**" access="hasRole('admin')" />
<security:intercept-url method="POST" pattern="/rest/news/**" access="hasRole('admin')" />
<security:intercept-url method="DELETE" pattern="/rest/news/**" access="hasRole('admin')" />
<security:logout delete-cookies="SESSIONID" logout-success-url="/" invalidate-session="true"/>
</security:http>
我无法找到任何有关如何解决此问题的信息 - 我还需要做出哪些改变?
顺便说一下。前端是棱角分明的,unauthorizedEntryPoint没有发射。