我有以下定义...
<bean id="fsi" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
<property name="objectDefinitionSource">
<sec:filter-invocation-definition-source >
<sec:intercept-url pattern="/secure/css/**" access="ROLE_TIER0"/>
<sec:intercept-url pattern="/secure/images/**" access="ROLE_TIER0"/>
<sec:intercept-url pattern="/**" access="ROLE_TIER0"/>
</sec:filter-invocation-definition-source>
</property>
</bean>
我想要这个网址上的资源...
“/非安全/**”
对所有呼叫开放,即周围没有安全保障。
我试过添加...
<sec:intercept-url pattern="/nonsecure/**" access="permitAll" />
但这会导致 Websphere 抛出错误
Unsupported configuration attributes: [permitAll]
谁能告诉我如何从安全性中排除此 URL?
在 spring security 3.1.x 中,不推荐使用filters="none"。相反,你使用多个<http>
像这样的标签:
<http pattern="/nonsecure/**" security="none"/>
http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ns-form-and-basic http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ns-form-and-basic
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)