我正在使用 Appfuse - Spring security、Struts 和 urlrewrite,我试图在登录应用程序之前调用一个操作(我忘记了密码功能)。
问题是我只能在用户登录时访问该操作。该操作被重定向到登录页面。
我将模式添加<http pattern="/resetPassword/**" security="none"/>到 security.xml
以及 urlrewrite.xml 中的以下规则
<rule>
<from>/resetPassword</from>
<to>/resetPassword</to>
</rule>
我的安全.xml
<http pattern="/images/**" security="none"/>
<http pattern="/styles/**" security="none"/>
<http pattern="/scripts/**" security="none"/>
<http pattern="/assets/**" security="none"/>
<http pattern="/resetPassword/**" security="none"/>
<http auto-config="true">
<intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>
<intercept-url pattern="/passwordHint*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/>
<intercept-url pattern="/signup*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/>
<intercept-url pattern="/saveSignup*" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/>
<intercept-url pattern="/**/*.action*" access="ROLE_ADMIN,ROLE_USER"/>
<form-login login-page="/login" authentication-failure-url="/login?error=true" login-processing-url="/j_security_check" always-use-default-target = "true"/>
<remember-me user-service-ref="userDao" key="e37f4b31-0c45-11dd-bd0b-0800200c9a66"/>
</http>
<authentication-manager>
<authentication-provider user-service-ref="userDao">
<password-encoder ref="passwordEncoder">
</password-encoder>
</authentication-provider>
</authentication-manager>
<!-- Override the default password-encoder (BCrypt) by uncommenting the following and changing the class -->
<!-- <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/> -->
<global-method-security>
<protect-pointcut expression="execution(* *..service.UserManager.getUsers(..))" access="ROLE_ADMIN"/>
<protect-pointcut expression="execution(* *..service.UserManager.removeUser(..))" access="ROLE_ADMIN"/>
</global-method-security>
我会错过什么?