java 如何在 spring-security 中取消保护 /** URL 模式
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/6216160/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to unsecure /** URL pattern in spring-security
提问by Simeon
I'm trying to unsecure the /** pattern, but all my tries are in vain so far.
我试图取消 /** 模式的安全,但到目前为止我所有的尝试都是徒劳的。
This is what I'm doing:
这就是我正在做的:
<security:intercept-url pattern="/**" filters="none" />
My configuration doesn't contain any more intercept-urldefinitions.
我的配置不再包含任何intercept-url定义。
However after accessing any URL I still get redirected to the default entry point...
但是在访问任何 URL 后,我仍然被重定向到默认入口点......
I debugged the spring security source and I can actually see the the filters being loaded for the URL I'm trying to access. (FilterChainProxyline: 154, the filterslist is full)
我调试了 spring 安全源,我实际上可以看到正在为我尝试访问的 URL 加载过滤器。(FilterChainProxy第 154 行,filters列表已满)
Any insight into why this happens and how to unsecure /** would be very appreciated.
任何有关为什么会发生这种情况以及如何不保护 /** 的见解将不胜感激。
I'm using 3.0.5.RELEASE
我正在使用 3.0.5.RELEASE
EDIT:
编辑:
Security configuration:
安全配置:
<security:http auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint">
<!-- dev --><security:intercept-url pattern="/**" filters="none" />
<security:custom-filter position="FORM_LOGIN_FILTER" ref="absoluteUrlSsoFilter" />
</security:http>
<security:authentication-manager>
<security:authentication-provider user-service-ref="ssoDetailsService" />
</security:authentication-manager>
This is the relevant part, I could also give you the bean definitions, but I doubt the problem is there.
这是相关的部分,我也可以给你 bean 的定义,但我怀疑问题是否存在。
采纳答案by hvgotcodes
at least in grails, you could set the security setting to IS_AUTHENTICATED_ANONYMOUSLY. Since the grails spring security plugin is based on spring security, I bet this would work.
至少在 grails 中,您可以将安全设置设置为 IS_AUTHENTICATED_ANONYMOUSLY。由于 grails spring security 插件基于 spring security,我敢打赌这会奏效。
no need to play with filters or anything.
无需玩过滤器或任何东西。
回答by Roadrunner
Why configure Spring Security if You want to turn in off completelly in the first place?
如果首先要完全关闭,为什么要配置 Spring Security?
If You wan it off in dev mode why not put it in seperate XML and not load this single file when id dev mode and comment the springSecurityFilterChainin web.xml? (the second one You can do with Maven resource processing).
如果你在开发模式下关闭它,为什么不把它放在单独的 XML 中,而不是在 id dev 模式下加载这个单个文件并springSecurityFilterChain在 web.xml 中注释?(第二个你可以用 Maven 资源处理来做)。
Or try some dummy entry before the /**matcher:
或者在/**匹配器之前尝试一些虚拟条目:
<security:intercept-url pattern="/dummy" access="IS_AUTHENTICATED_FULLY" />
<security:intercept-url pattern="/**" filters="none" />
Still don't really get the reason why would You need the security fully configured and turned in the same time off?
仍然不明白为什么您需要完全配置并同时关闭安全性?
