如何在 spring-security 中取消保护/** URL 模式 [英] How to unsecure /** URL pattern in spring-security

问题描述

我正在尝试取消/** 模式的安全性，但到目前为止我所有的尝试都是徒劳的.

I'm trying to unsecure the /** pattern, but all my tries are in vain so far.

这就是我正在做的:

<security:intercept-url pattern="/**" filters="none" />

我的配置不再包含任何 intercept-url 定义.

My configuration doesn't contain any more intercept-url definitions.

但是在访问任何 URL 后，我仍然被重定向到默认入口点...

However after accessing any URL I still get redirected to the default entry point...

我调试了 spring 安全源，我实际上可以看到正在为我尝试访问的 URL 加载的过滤器.(FilterChainProxy 行:154，filters 列表已满)

I debugged the spring security source and I can actually see the the filters being loaded for the URL I'm trying to access. (FilterChainProxy line: 154, the filters list is full)

任何有关为什么会发生这种情况以及如何不保护/** 的见解将不胜感激.

Any insight into why this happens and how to unsecure /** would be very appreciated.

我使用的是 3.0.5.RELEASE

I'm using 3.0.5.RELEASE

安全配置:

 <security:http auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint">
    <!-- dev --><security:intercept-url pattern="/**" filters="none" />

    <security:custom-filter position="FORM_LOGIN_FILTER" ref="absoluteUrlSsoFilter" />
</security:http>

<security:authentication-manager>
    <security:authentication-provider user-service-ref="ssoDetailsService" />
</security:authentication-manager>

这是相关的部分，我也可以给你bean定义，但我怀疑问题是否存在.

This is the relevant part, I could also give you the bean definitions, but I doubt the problem is there.

推荐答案

至少在 grails 中，您可以将安全设置设置为 IS_AUTHENTICATED_ANONYMOUSLY.由于 grails spring security 插件基于 spring security，我敢打赌这会奏效.

at least in grails, you could set the security setting to IS_AUTHENTICATED_ANONYMOUSLY. Since the grails spring security plugin is based on spring security, I bet this would work.

无需使用过滤器或任何东西.

no need to play with filters or anything.

这篇关于如何在 spring-security 中取消保护/** URL 模式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！