我有一个方法,我想允许匿名和身份验证访问.
我使用Spring Security 3.2.4与基于java的配置.
重写的配置方法(在我的自定义配置类扩展WebSecurityConfigurerAdapter)中具有以下http块:
http
.addFilterBefore(muiltpartFilter,ChannelProcessingFilter.class)
.addFilterBefore(cf,ChannelProcessingFilter.class)
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
.authorizeRequests()
.antMatchers("/ping**")
.permitAll()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login");
ping请求处理程序和方法在一个还包含登录处理程序的控制器中,并且没有单独的@PreAuthorize或其他可能导致问题的注释.
在调试级别登录时,我会看到Spring Security提供的以下反馈信息:
[2014-07-11 13:18:04,483] [DEBUG] [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] Secure object: FilterInvocation: URL: /ping; Attributes: [authenticated] [2014-07-11 13:18:04,483] [DEBUG] [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] PrevIoUsly Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6faad796: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffffa64e: RemoteIpAddress: 192.168.2.128; SessionId: 0EF6B13BBA5F00C020FF9C35A6E3FBA9; Granted Authorities: ROLE_ANONYMOUS [2014-07-11 13:18:04,483] [DEBUG] [org.springframework.security.access.Vote.AffirmativeBased] Voter: org.springframework.security.web.access.expression.WebExpressionVoter@123f2882,returned: -1 [2014-07-11 13:18:04,483] [DEBUG] [org.springframework.security.web.access.ExceptionTranslationFilter] Access is denied (user is anonymous); redirecting to authentication entry point
解决方法
权限顺序很重要,它可以像我这样配置:
.authorizeRequests()
.antMatchers("/ping**")
.permitAll()
.and()
.authorizeRequests()
.anyRequest()
.authenticated()
.and()
原文地址:https://www.jb51.cc/java/123378.html
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
