默认的Spring Security重定向到Favicon [英] Default Spring Security redirect to favicon

问题描述

我正在使用Spring Security 3.1.授权后重定向时出现问题.它将重定向到favicon 404错误.为网站图标添加role_anonymous并没有帮助.

I'm using Spring Security 3.1. I have a problem when redirecting after authorization. It redirects to a favicon 404 error. Adding role_anonymous for favicon didn't help.

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<!--To enable spring security comment this string
    <http auto-config="true" security="none"/>-->

    <!-- To enable spring security remove comment from this code-->
        <http auto-config="true">
                <intercept-url pattern="/**" access="ROLE_ADMIN"/>
                <intercept-url pattern="/favicon.ico" access="ROLE_ANONYMOUS" />
        </http>


<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="hey" password="there" authorities="ROLE_ADMIN" />
        </user-service>
    </authentication-provider>
</authentication-manager>

</beans:beans>

推荐答案

最好不要从过滤器链中完全忽略该路径.

You're best to omit that path from the filter chain completely.

使用

<http pattern="/favicon.ico" security="none" />

<http auto-config="true">
    <intercept-url pattern="/**" access="ROLE_ADMIN"/>
</http>

相反.

还请记住，您需要按从大到小的特定顺序对intercept-url元素进行排序，因此您的原始配置在任何情况下都将忽略favicon模式.

Also remember that you need to order your intercept-url elements from most to least specific patterns, so your original configuration would have ignored the favicon pattern in any case.

我还建议您不要使用auto-config，而要明确指定要使用的功能，以使您清楚要添加到安全过滤器链中的内容.

I'd also recommend that you don't use auto-config but specify the features that you want to use explicitly so that you are clear what is being added to the security filter chain.

这篇关于默认的Spring Security重定向到Favicon的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！