1

我有这个配置:

<bean id="customizedFilterSecurityInterceptor"
        class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="accessDecisionManager" ref="accesDecisionManager"/>
    <property name="securityMetadataSource">
        <security:filter-security-metadata-source use-expressions="true" >
            <security:intercept-url pattern="/css/**" access="permitAll" />
            <security:intercept-url pattern="/js/**" access="permitAll" />
            <security:intercept-url pattern="/externe*.do" access="permitAll" />
            <security:intercept-url pattern="/*.do" access="isAuthenticated() or isRememberMe()" />
        </security:filter-security-metadata-source>
    </property>
</bean>

<bean id="loginUrlAuthenticationEntryPoint"
   class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <property name="loginFormUrl">
            <value>/login.jsp</value>
    </property>
    <property name="forceHttps">
            <value>false</value>
    </property>
</bean>

<bean id="externeServiceInterceptor"  class="fr.global.commun.springSecurity.MySecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager"/>
    ...
    <property name="securityMetadataSource">
    <security:filter-security-metadata-source use-expressions="true" >
        <security:intercept-url pattern="/externe*.do" access="isAuthenticated()" />
        </security:filter-security-metadata-source>
    </property>

问题是所有以开头的请求/externe都重定向到登录页面,如果我删除/*.do,我不会访问拦截器,而是直接在 struts 操作 Externe*.

4

1 回答 1

0

xml 文件中的这个条目被遗忘了:

<bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
    <security:filter-chain-map path-type="ant">
        <security:filter-chain pattern="/externe*.do" filters="externeServiceInterceptor" />
    </security:filter-chain-map>   
</bean>
于 2012-07-12T14:41:07.957 回答