I'm trying to configure spring MVC to not authenticate any pages that have no authentication (enable the use of ROLE_ANONYMOUS as explicitly required for all pages).
But I get this message in the debug logs:
o.s.s.w.a.i.FilterSecurityInterceptor - Public object - authentication not attempted
The FilterSecurityInterceptor is added by the namespace. And I think I need to setRejectPublicInvocations on开发者_如何学运维 the filter to disable this.
But I don't see any way to do this through the http namespace. Do I have to abandon using the http namespace entirely just to accomplish this?
In my case I basically did this.
and it's working for anon users.
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/css/**" filters="none" />
<intercept-url pattern="/js/**" filters="none" />
<intercept-url pattern="/img/**" filters="none" />
<intercept-url pattern="/loginform.*" filters="none" />
<intercept-url pattern="/topic/addtopic**"
access="hasAnyRole('USER_ROLE','ADMIN_ROLE','OPER_ROLE')" />
<intercept-url pattern="/user/**"
access="hasAnyRole('USER_ROLE','ADMIN_ROLE','OPER_ROLE')" />
<intercept-url pattern="/admin/**" access="hasRole('ADMIN_ROLE')" />
<intercept-url pattern="/cadastro.*" filters="none" />
<form-login login-page="/loginform.html"
authentication-failure-url="/loginform.html?error=invalido" />
</http>
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论