我已经看到 Spring Security OAuth2 示例spring-servlet.xml
在
<http pattern="/users/**" create-session="never" entry-point-ref="oauthAuthenticationEntryPoint"
access-decision-manager-ref="accessDecisionManager" xmlns="http://www.springframework.org/schema/security">
<anonymous enabled="false" />
<intercept-url pattern="/photos" access="ROLE_USER,SCOPE_READ" />
<intercept-url pattern="/photos/trusted/**" access="ROLE_CLIENT,SCOPE_TRUST" />
<intercept-url pattern="/photos/user/**" access="ROLE_USER,SCOPE_TRUST" />
<intercept-url pattern="/photos/**" access="ROLE_USER,SCOPE_READ" />
<custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
标签中的pattern
属性是否有效?http
我在spring-security-2.0.1.xsd
. 如果有效,这个模式与intercept-url
'pattern
属性有什么关系?举个例子,拦截路径/photos/user/**
是否有最终匹配的拦截路径/users/photos/user/**
?谢谢。