Spring Security:如何排除某些资源? [英] Spring Security: how to exclude certain resources?
本文介绍了Spring Security:如何排除某些资源?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有以下定义...
<bean id="fsi" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
<property name="objectDefinitionSource">
<sec:filter-invocation-definition-source >
<sec:intercept-url pattern="/secure/css/**" access="ROLE_TIER0"/>
<sec:intercept-url pattern="/secure/images/**" access="ROLE_TIER0"/>
<sec:intercept-url pattern="/**" access="ROLE_TIER0"/>
</sec:filter-invocation-definition-source>
</property>
</bean>
我想要这个网址上的资源...
I'd like to have the resources on this url...
"/nonSecure/**"
"/nonSecure/**"
对所有调用开放,即没有安全措施.
Open to all calls, i.e. no security around it.
我试过添加...
<sec:intercept-url pattern="/nonsecure/**" access="permitAll" />
但这会导致 Websphere 抛出一个关于
But this causes Websphere to throw an error about
Unsupported configuration attributes: [permitAll]
谁能告诉我如何从安全中排除此 URL?
Can anyone tell me how to exclude this URL from security?
推荐答案
在 spring security 3.1.x 中不推荐使用 filters="none".相反,您可以使用多个 <http>
标签,如下所示:
In spring security 3.1.x the use of filters="none" is deprecated. Instead you use multiple <http>
tags like this:
<http pattern="/nonsecure/**" security="none"/>
这篇关于Spring Security:如何排除某些资源?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文