Spring Security 2.x正在拦截http:servername/webAppName
。根据我的理解,filter="none"
应该丢弃任何不需要访问角色的URL的Spring Security筛选器链。任何人都知道为什么这个设置拦截所有未声明的URL(/listing
,/load
),包括基本URL?Spring Security url-interceptor leak at/*
<http auto-config="true" entry-point-ref="entryPoint" session-fixation-protection="none">
<intercept-url pattern="/listing/pages/*" filters="none"/>
<intercept-url pattern="/load/page/*" filters="none"/>
<intercept-url pattern="/admin/*" access="ROLE_USER"/>
<intercept-url pattern="/secret/*" access="ROLE_USER"/>
<intercept-url pattern="/**" filters="none"/>
<http-basic/>
</http>
看看http://stackoverflow.com/questions/10513688/apply-security-none-to-context-root-and-static-resources-spring-security-versi – dur
谢谢。会看看我是否可以有类似的东西。该链接涵盖了spring安全3.1 – MAXStack