如何在Spring-Security中取消安全/** URL模式 [英] How to unsecure /** URL pattern in spring-security

问题描述

我正试图取消/**模式的​​安全性，但是到目前为止，我的所有尝试都是徒劳的.

I'm trying to unsecure the /** pattern, but all my tries are in vain so far.

这就是我在做什么:

<security:intercept-url pattern="/**" filters="none" />

我的配置不再包含intercept-url定义.

My configuration doesn't contain any more intercept-url definitions.

但是，在访问任何URL之后，我仍然会重定向到默认入口点...

However after accessing any URL I still get redirected to the default entry point...

我调试了spring安全性源，实际上可以看到正在为我尝试访问的URL加载的过滤器. (FilterChainProxy行:154，filters列表已满)

I debugged the spring security source and I can actually see the the filters being loaded for the URL I'm trying to access. (FilterChainProxy line: 154, the filters list is full)

任何对这种情况发生的原因以及如何使/**不安全的见解将不胜感激.

Any insight into why this happens and how to unsecure /** would be very appreciated.

我正在使用3.0.5.RELEASE

I'm using 3.0.5.RELEASE

安全配置:

 <security:http auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint">
    <!-- dev --><security:intercept-url pattern="/**" filters="none" />

    <security:custom-filter position="FORM_LOGIN_FILTER" ref="absoluteUrlSsoFilter" />
</security:http>

<security:authentication-manager>
    <security:authentication-provider user-service-ref="ssoDetailsService" />
</security:authentication-manager>

这是相关的部分，我也可以为您提供bean的定义，但是我怀疑问题在那里.

This is the relevant part, I could also give you the bean definitions, but I doubt the problem is there.

推荐答案

至少在grails中，您可以将安全设置设置为IS_AUTHENTICATED_ANONYMOUSLY.由于grails spring安全插件基于spring security，所以我敢打赌这会起作用.

at least in grails, you could set the security setting to IS_AUTHENTICATED_ANONYMOUSLY. Since the grails spring security plugin is based on spring security, I bet this would work.

不需要玩滤镜或其他任何东西.

no need to play with filters or anything.

这篇关于如何在Spring-Security中取消安全/** URL模式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！