如何在 spring-security 中取消保护/** URL 模式 [英] How to unsecure /** URL pattern in spring-security
问题描述
我正在尝试取消/** 模式的安全性,但到目前为止我所有的尝试都是徒劳的.
I'm trying to unsecure the /** pattern, but all my tries are in vain so far.
这就是我正在做的:
<security:intercept-url pattern="/**" filters="none" />
我的配置不再包含任何 intercept-url
定义.
My configuration doesn't contain any more intercept-url
definitions.
但是在访问任何 URL 后,我仍然被重定向到默认入口点...
However after accessing any URL I still get redirected to the default entry point...
我调试了 spring 安全源,我实际上可以看到正在为我尝试访问的 URL 加载的过滤器.(FilterChainProxy
行:154,filters
列表已满)
I debugged the spring security source and I can actually see the the filters being loaded for the URL I'm trying to access. (FilterChainProxy
line: 154, the filters
list is full)
任何有关为什么会发生这种情况以及如何不保护/** 的见解将不胜感激.
Any insight into why this happens and how to unsecure /** would be very appreciated.
我使用的是 3.0.5.RELEASE
I'm using 3.0.5.RELEASE
安全配置:
<security:http auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint">
<!-- dev --><security:intercept-url pattern="/**" filters="none" />
<security:custom-filter position="FORM_LOGIN_FILTER" ref="absoluteUrlSsoFilter" />
</security:http>
<security:authentication-manager>
<security:authentication-provider user-service-ref="ssoDetailsService" />
</security:authentication-manager>
这是相关的部分,我也可以给你bean定义,但我怀疑问题是否存在.
This is the relevant part, I could also give you the bean definitions, but I doubt the problem is there.
推荐答案
至少在 grails 中,您可以将安全设置设置为 IS_AUTHENTICATED_ANONYMOUSLY.由于 grails spring security 插件基于 spring security,我敢打赌这会奏效.
at least in grails, you could set the security setting to IS_AUTHENTICATED_ANONYMOUSLY. Since the grails spring security plugin is based on spring security, I bet this would work.
无需使用过滤器或任何东西.
no need to play with filters or anything.
这篇关于如何在 spring-security 中取消保护/** URL 模式的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!