如何在Spring-Security中取消安全/** URL模式 [英] How to unsecure /** URL pattern in spring-security
问题描述
我正试图取消/**模式的安全性,但是到目前为止,我的所有尝试都是徒劳的.
I'm trying to unsecure the /** pattern, but all my tries are in vain so far.
这就是我在做什么:
<security:intercept-url pattern="/**" filters="none" />
我的配置不再包含intercept-url
定义.
My configuration doesn't contain any more intercept-url
definitions.
但是,在访问任何URL之后,我仍然会重定向到默认入口点...
However after accessing any URL I still get redirected to the default entry point...
我调试了spring安全性源,实际上可以看到正在为我尝试访问的URL加载的过滤器. (FilterChainProxy
行:154,filters
列表已满)
I debugged the spring security source and I can actually see the the filters being loaded for the URL I'm trying to access. (FilterChainProxy
line: 154, the filters
list is full)
任何对这种情况发生的原因以及如何使/**不安全的见解将不胜感激.
Any insight into why this happens and how to unsecure /** would be very appreciated.
我正在使用3.0.5.RELEASE
I'm using 3.0.5.RELEASE
安全配置:
<security:http auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint">
<!-- dev --><security:intercept-url pattern="/**" filters="none" />
<security:custom-filter position="FORM_LOGIN_FILTER" ref="absoluteUrlSsoFilter" />
</security:http>
<security:authentication-manager>
<security:authentication-provider user-service-ref="ssoDetailsService" />
</security:authentication-manager>
这是相关的部分,我也可以为您提供bean的定义,但是我怀疑问题在那里.
This is the relevant part, I could also give you the bean definitions, but I doubt the problem is there.
推荐答案
至少在grails中,您可以将安全设置设置为IS_AUTHENTICATED_ANONYMOUSLY.由于grails spring安全插件基于spring security,所以我敢打赌这会起作用.
at least in grails, you could set the security setting to IS_AUTHENTICATED_ANONYMOUSLY. Since the grails spring security plugin is based on spring security, I bet this would work.
不需要玩滤镜或其他任何东西.
no need to play with filters or anything.
这篇关于如何在Spring-Security中取消安全/** URL模式的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!