我正在尝试为受 Spring Security 保护的应用程序开发 Web 服务。一切正常,除了一件事:我的 Web 服务应该是不安全的,并且 wsdl 应该在没有任何身份验证/授权的情况下提供。所以我添加了适当的拦截 URL 模式。但是,我无法访问 wsdl 页面。我被重定向到登录页面。通过良好的登录名/密码后,我可以访问 wsdl,但没有它们我不能。我尝试了很多模式,但都失败了。也许一些建议:)?
我的 Spring Security 代码(使用当前拦截 URL):
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http pattern="/resources/*" security="none" />
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/auth/login" access="permitAll" />
<intercept-url pattern="/auth/logout" access="permitAll" />
<intercept-url pattern="/auth/denied" access="permitAll" />
<intercept-url pattern="/**SampleInputImpl?wsdl**" access="permitAll" />
<intercept-url pattern="/user" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/admin" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/*" access="isAuthenticated()" />
<form-login login-page="/auth/login" authentication-failure-url="/auth/login?error=true"
default-target-url="/" />
<access-denied-handler error-page="/auth/denied" />
<logout invalidate-session="true" logout-success-url="/auth/login?logout=true" />
</http>
<authentication-manager>
<authentication-provider user-service-ref="userDetailsService">
<password-encoder hash="md5" />
</authentication-provider>
</authentication-manager>
</beans:beans>