Spring-security 无法匹配“?参数"；格式? [英] Spring-security cannot match "?parameter" format?

问题描述

我使用 spring-security 来保护我的网络，当我通过 spring-roo 在 applicationContext-security.xml 中生成的配置文件学习它时，在 <http> 节点:

I use spring-security to secure my web, when I'm learning it by spring-roo generated config file in applicationContext-security.xml, in <http> node:

 <intercept-url pattern="/userses?form" access="hasRole('ROLE_ADMIN')" />

意思是当你想创建一个Users对象时，首先你需要登录获得ADMIN权限.但实际上并没有奏效.查看日志:

It means when you want to create a Users object, firstly you need to login to get ADMIN permission. But actually it didn't work. Check the log:

2012-05-06 11:39:11,250 [http-8088-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/userses'; against '/userses?form'

框架使用/userses 而不是/userses?form 进行比较，因为字符串不匹配而跳过身份验证过程.为了验证这一点，我还尝试了另一个网址:

The framework use the /userses instead of /userses?form to compare with, authentication process skipped as string didn't match. To verify this I also try another url:

<intercept-url pattern="/userses/abc" access="hasRole('ROLE_ADMIN')" />

我请求了/userses/abc，它检测到用户没有被授权，移到/login页面，查看日志:

I requested the /userses/abc, it detected user is not authorized, and moved to /login page, checked the log:

2012-05-06 11:46:44,343 [http-8088-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/uesrses/abc'; against '/userses/abc'

所以我的问题是:spring-secure 3 不支持?parameter"模式还是我错过了一些配置来支持这个模式?PS:所有代码都是roo生成的，没有修改，还奇怪为什么不行.

So my question is: Doesn't spring-secure 3 support "?parameter" pattern or I missed something to config to support this? PS: All the code is generated by roo without modification, also wonder why it doesn't work.

推荐答案

默认 spring security 使用ant样式匹配，无法匹配参数.然而，正则表达式匹配可以匹配参数

By default spring security uses ant style matching, which can't match on parameters. Regex matching, however, can match on parameters

尝试像这样定义它:

<http request-matcher="regex">
  <security:intercept-url pattern="A/userses?form.*" access="hasRole('ROLE_ADMIN')" />
</http>

不知道为什么 Roo 不会自动执行此操作.好像应该.

Don't know why Roo doesn't do this automatically. Seems like it should.

这篇关于Spring-security 无法匹配“?参数"；格式?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！