我正在尝试使用Ping Federate配置一个过滤器来运行我的Web应用程序的预身份验证。我希望在访问所有资源时运行此过滤器,除了' / login'。
也就是说,除了' / login'。
之外,每个页面都应该通过一个过滤器我正在使用Spring Security 3.2,我理解使用
<security:http pattern="/login" auto-config="true" security="none">
是新的写作方式
<intercept-url pattern="/login*" filters="none" />
然而,当添加安全性=&#39;无&#39;在我的XML配置文件中,当我访问localhost:8080 / login时,仍然会选择过滤器。
以下是我的XML配置文件:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<context:annotation-config />
<context:property-placeholder />
<security:global-method-security
pre-post-annotations="enabled" />
<bean id="resourceLoader" class="com.foo.bar.ResourceLoader">
<constructor-arg value="${PING_IDENTITY_CONFIG_FILE_NAME}" />
</bean>
<bean id="openTokenReader" class="com.foo.bar.OpenTokenReader" />
<security:http pattern="/login" use-expressions="true" security="none" />
<security:http use-expressions="true" auto-config="true"
entry-point-ref="http403EntryPoint">
<security:custom-filter position="PRE_AUTH_FILTER"
ref="openTokenFilter" />
<security:session-management
invalid-session-url="/login" />
<security:session-management>
<security:concurrency-control
max-sessions="1" error-if-maximum-exceeded="true" />
</security:session-management>
<security:logout />
</security:http>
<bean id="openTokenFilter"
class="com.foo.bar.OpenTokenRequestAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="logoutURL" value="${PING_IDENTITY_LOGOUT_URL}" />
<property name="authenticationFailureHandler">
<bean
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/login" />
</bean>
</property>
</bean>
<bean id="preauthAuthProvider"
class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
<property name="preAuthenticatedUserDetailsService">
<bean id="userDetailsServiceWrapper"
class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<property name="userDetailsService" ref="customUserDetailsService" />
</bean>
</property>
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
ref="preauthAuthProvider" />
</security:authentication-manager>
<bean id="customUserDetailsService" class="com.foo.bar.UserDetailsServiceImpl"></bean>
<bean id="http403EntryPoint"
class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"></bean>
</beans>
我已经尝试了几乎所有我能想到的东西以及一些应该完全直截了当的东西我已经很长时间无法弄清楚这个问题了。