2012-07-12 123 views
1

Spring Security always redirects to the login page

I have this configuration:

<bean id="customizedFilterSecurityInterceptor"
      class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="accessDecisionManager" ref="accesDecisionManager"/>
    <property name="securityMetadataSource">
        <security:filter-security-metadata-source use-expressions="true">
            <security:intercept-url pattern="/css/**" access="permitAll" />
            <security:intercept-url pattern="/js/**" access="permitAll" />
            <security:intercept-url pattern="/externe*.do" access="permitAll" />
            <security:intercept-url pattern="/*.do" access="isAuthenticated() or isRememberMe()" />
        </security:filter-security-metadata-source>
    </property>
</bean>

<bean id="loginUrlAuthenticationEntryPoint"
      class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <property name="loginFormUrl">
        <value>/login.jsp</value>
    </property>
    <property name="forceHttps">
        <value>false</value>
    </property>
</bean>

<bean id="externeServiceInterceptor" class="fr.global.commun.springSecurity.MySecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager"/>
    ...
    <property name="securityMetadataSource">
        <security:filter-security-metadata-source use-expressions="true">
            <security:intercept-url pattern="/externe*.do" access="isAuthenticated()" />
        </security:filter-security-metadata-source>
    </property>
</bean>

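The problem is that all requests starting with /externe are redirected to the login page. If I remove /*.do, I do not go through the interceptor but land directly on the Struts action Externe*.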

+1

Are you sure the request matches '/externe*.do'? Can you run Spring Security in DEBUG mode (add 'log4j.logger.org.springframework.security=DEBUG' to log4j.properties) and show the output after requesting 'externe*.do'? – Xaerxess 2012-07-12 13:05:33

+0

Hmm, it was an idiotic mistake... I forgot to add: <security:filter-chain pattern="/externe*.do" filters="externeServiceInterceptor"/> – 2012-07-12 13:28:59

+1

With problems like this, always go to DEBUG first in Spring Security ;) – Xaerxess 2012-07-12 13:32:21

Answer

0

This entry was forgotten in the XML file:

<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
    <security:filter-chain-map path-type="ant">
        <security:filter-chain pattern="/externe*.do" filters="externeServiceInterceptor" />
    </security:filter-chain-map>
</bean>
+1

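This is most likely a very bad idea. You are routing these requests through this filter without any other filters in the chain (as far as I can tell), which means that even if you can authenticate somehow, you may leak the thread-local security context, making it possible for a user to access the system as another user. – 2012-07-13 18:01:11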
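
The concern in the last comment, shown as configuration. This is an added example, not part of the original thread or the poster's project. It assumes Spring Security 3.0/3.1 and that the user's authentication is already stored in the HTTP session; the bean ids `externeContextFilter` and `externeExceptionFilter` are hypothetical.

```xml
<!-- Added example; the two filter bean ids below are hypothetical. -->

<!-- Loads the SecurityContext at the start of each request and clears the
     thread-local SecurityContextHolder when the request completes, so a
     pooled thread never carries one user's context into another request. -->
<bean id="externeContextFilter"
      class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>

<!-- Turns the AuthenticationException / AccessDeniedException thrown by the
     interceptor into a call to the entry point or an access-denied response. -->
<bean id="externeExceptionFilter"
      class="org.springframework.security.web.access.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint" ref="loginUrlAuthenticationEntryPoint"/>
</bean>

<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
    <security:filter-chain-map path-type="ant">
        <!-- Form from the answer: the interceptor is the only filter in the chain.
        <security:filter-chain pattern="/externe*.do" filters="externeServiceInterceptor"/>
        -->
        <!-- Hardened form: context handling and exception translation run
             before the interceptor, in that order. -->
        <security:filter-chain pattern="/externe*.do"
            filters="externeContextFilter,externeExceptionFilter,externeServiceInterceptor"/>
    </security:filter-chain-map>
</bean>
```

With `log4j.logger.org.springframework.security=DEBUG` enabled, as suggested in the comments, the log shows each filter in the chain being invoked in order for a matching request, which confirms the interceptor no longer runs alone.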