I have checked several blog / doc / Stack Overflow forum entries, but I still don't know what I'm doing wrong.

I want to give anyone access to a URL. permitAll does not work because I have custom filters, so I wanted to create a separate http element and use the security="none" setting, but so far without success.

    <security:http pattern="/status" security="none"/>

    <!-- ******************** rules with encryption and HMAC authentication ******************** -->
    <security:http create-session="stateless" use-expressions="true" authentication-manager-ref="authenticationManager" auto-config="true" entry-point-ref="http403EntryPoint" pattern="/**">
        <!-- HMAC only -->
        <security:intercept-url pattern="/utils/logheaderpattern/check" access="authenticated" />
        <security:intercept-url pattern="/executionflow/approve" access="authenticated" />
        <security:intercept-url pattern="/executionflow/approve_and_forced_start" access="authenticated" />
        <security:intercept-url pattern="/utils/maintenancewindow/next/**" access="authenticated" />
        <security:intercept-url pattern="/executionflow/start/manual" access="authenticated" />
        <security:intercept-url pattern="/executionflow/start/eventlife" access="authenticated" />
        <security:intercept-url pattern="/executionflow/skip/eventlife" access="authenticated" />
        <security:intercept-url pattern="/executionflow/start/scheduled" access="authenticated" />
        <security:intercept-url pattern="/utils/cron/nextrun" access="authenticated" />
        <!-- HMAC and encryption (set in encryptionFilter) -->
        <security:intercept-url pattern="/worker/command/**" access="authenticated" />
        <security:intercept-url pattern="/worker/event" access="authenticated" />
        <security:intercept-url pattern="/worker/system/**" access="authenticated" />
        <!-- deny all others -->
        <security:intercept-url pattern="/**" access="denyAll" />
        <security:csrf disabled="true" />
        <security:custom-filter ref="encryptionFilter" before="FORM_LOGIN_FILTER"/>
        <security:custom-filter ref="hmacAuthenticationFilter" after="FORM_LOGIN_FILTER"/>
    </security:http>

    <!-- ******************** Defining the authentication manager ******************** -->
    <security:authentication-manager erase-credentials="false" id="authenticationManager">
        <security:authentication-provider user-service-ref="fileBasedUserDetailsService">
        </security:authentication-provider>
    </security:authentication-manager>

The controller:

    @Controller
    public class WebController {

        @RequestMapping(value = "/status", method = RequestMethod.GET)
        public String redirect() {
            return "redirect:/pages/status.html";
        }
    }

Spring Boot initializer:

    @Configuration
    @ImportResource({"classpath:applicationContext.xml", "classpath:securityContext.xml"})
    @ComponentScan(basePackages = {"org.reaction.engine.controller",
                                   "org.reaction.engine.persistence.service",
                                   "org.reaction.engine.persistence.converter",
                                   "org.reaction.engine.service",
                                   "org.reaction.engine.scheduling.utils"})
    @EnableAutoConfiguration
    public class WebInitializer extends SpringBootServletInitializer implements WebApplicationInitializer {

        @Override
        protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
            return application.sources(WebInitializer.class);
        }

        public static void main(String[] args) throws Exception {
            SpringApplication.run(WebInitializer.class, args);
        }
    }

I keep getting an exception. Any ideas?

Answer 0 (score: 0)

    <security:intercept-url pattern="/**" access="denyAll" />

does not allow access to any resource, no matter what sub-patterns you have defined for other resources.

Change your pattern to something like

    <!-- add an extra folder and shift the resources there -->
    <security:intercept-url pattern="/secure/**" access="denyAll" />

and

    <security:intercept-url pattern="/**" access="permitAll()" />

Answer 1 (score: 0)

This is a bug/missing feature in Spring Boot / Spring Security, see

There may be some workarounds; one is to use Java configuration instead of XML configuration.
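
The workaround mentioned in Answer 1, Java configuration in place of the XML, written out as an added example (not code from the question or from either answer). It assumes Spring Security 4.x/5.x (`WebSecurityConfigurerAdapter`), a hypothetical class name `SecurityConfig`, and that `http403EntryPoint` is an `Http403ForbiddenEntryPoint`; the bean names and URL patterns are the ones in the question's XML.

```java
// Added example (hypothetical class name); assumes Spring Security 4.x/5.x and the page's bean names.
import javax.servlet.Filter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired @Qualifier("encryptionFilter") private Filter encryptionFilter;
    @Autowired @Qualifier("hmacAuthenticationFilter") private Filter hmacAuthenticationFilter;
    @Autowired @Qualifier("fileBasedUserDetailsService") private UserDetailsService users;

    @Override
    public void configure(WebSecurity web) {
        // Equivalent of security="none": the security filter chain is skipped for these paths.
        // /status redirects to /pages/status.html, so the redirect target has to be open as well.
        web.ignoring().antMatchers("/status", "/pages/status.html");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.eraseCredentials(false).userDetailsService(users);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint()).and()
            // FORM_LOGIN_FILTER in the XML is the slot of UsernamePasswordAuthenticationFilter.
            .addFilterBefore(encryptionFilter, UsernamePasswordAuthenticationFilter.class)
            .addFilterAfter(hmacAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
            .authorizeRequests()
                .antMatchers("/utils/logheaderpattern/check", "/utils/maintenancewindow/next/**",
                             "/utils/cron/nextrun").authenticated()              // HMAC only
                .antMatchers("/executionflow/approve", "/executionflow/approve_and_forced_start",
                             "/executionflow/start/manual", "/executionflow/start/eventlife",
                             "/executionflow/skip/eventlife", "/executionflow/start/scheduled").authenticated()
                .antMatchers("/worker/command/**", "/worker/event", "/worker/system/**").authenticated()
                .anyRequest().denyAll();  // rules are evaluated in order, so the catch-all stays last
    }
}
```

In Spring Boot, a `Filter` exposed as a bean is also registered with the servlet container for every request unless that registration is disabled, so paths excluded from Spring Security can still pass through the custom filters.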