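Spring Security url-interceptor leaking /*

Time: 2017-04-17 21:49:26

Tags: spring-security

Spring Security 2.x is intercepting http:servername/webAppName. As I understand it, filter="none" should drop the Spring Security filter chain for any URL that does not require a role for access. Does anyone know why this setup would intercept all undeclared URLs (/listing/load), including the base URL?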

<http auto-config="true" entry-point-ref="entryPoint" session-fixation-protection="none">
    <intercept-url pattern="/listing/pages/*" filters="none"/>
    <intercept-url pattern="/load/page/*" filters="none"/>
    <intercept-url pattern="/admin/*" access="ROLE_USER"/>
    <intercept-url pattern="/secret/*" access="ROLE_USER"/>
    <intercept-url pattern="/**" filters="none"/>
    <http-basic/>
</http>

1 answer:

Answer 0: (score: -1)

Try this,

<security:http auto-config="true" entry-point-ref="entryPoint" session-fixation-protection="none">
    <http-basic/>
    <intercept-url pattern="/admin/*" access="ROLE_USER"/>
    <intercept-url pattern="/secret/*" access="ROLE_USER"/>
    <intercept-url pattern="/listing/pages/*" access="ROLE_ANONYMOUS"/>
    <intercept-url pattern="/load/page/*" access="ROLE_ANONYMOUS"/>
    <intercept-url pattern="/**" access="ROLE_ANONYMOUS"/>
</security:http>

And yes, check your xmlns namespace for Spring Security. Is that OK?
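
An added example, not part of the original question or answer: a simplified Python model of how the question's intercept-url list resolves a request path, with patterns tried in declaration order and the first match winning, where Ant-style `*` stays inside one path segment and `**` spans segments. The matcher is a simplification written for this page, not Spring's own matcher, and the sample paths are constructed.

```python
import re

# Rules copied from the question's <http> block, in declaration order.
RULES = [
    ("/listing/pages/*", "filters=none"),
    ("/load/page/*", "filters=none"),
    ("/admin/*", "ROLE_USER"),
    ("/secret/*", "ROLE_USER"),
    ("/**", "filters=none"),
]

def ant_to_regex(pattern):
    """Simplified Ant-style translation: '**' spans segments, '*' stays in one."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*")
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out))

def resolve(path, rules=RULES):
    """Return (pattern, setting) of the first rule matching path, or None."""
    for pattern, setting in rules:
        if ant_to_regex(pattern).fullmatch(path):
            return pattern, setting
    return None

def unprotected_under(prefix, paths, rules=RULES):
    """Paths below a prefix meant to be protected that resolve to filters=none."""
    hits = []
    for p in paths:
        match = resolve(p, rules)
        if p.startswith(prefix) and match and match[1] == "filters=none":
            hits.append(p)
    return hits

# Constructed sample request paths (context path already stripped).
SAMPLE = ["/", "/listing/load", "/admin/users", "/admin/users/edit", "/secret/a/b"]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p, "->", resolve(p))
    print("filters=none under /admin/:", unprotected_under("/admin/", SAMPLE))
```

Paths nested more than one level below /admin/ or /secret/ fall through to the final `/**` rule in this model, so an audit of such a list should check every protected prefix against both `*` and `**` depth.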