开发者

Difference between access="permitAll" and filters="none"?

开发者 https://www.devze.com 2023-04-04 13:28 出处：网络

Here is a part from Spring Security petclinic example: <http use-expressions=\"true\"> <intercept-url pattern=\"/\" access=\"permitAll\"/>

相关专题：spring spring-security

Here is a part from Spring Security petclinic example:

<http use-expressions="true">
    <intercept-url pattern="/" access="permitAll"/>
    <intercept-url pattern="/static/**" filters="none" />
    <intercept-url pattern="/**" access="isAuthenticated()" />
    <form-login />
    <logout />
</http>

What is the difference betw开发者_运维问答een access="permitAll" and filters="none"?

Url: http://static.springsource.org/spring-security/site/petclinic-tutorial.html

The difference is that filters = "none" disables Spring Security filters for the specified URLs, whereas access = "permitAll" configures authorization without disabling filters.

In practice, filters = "none" may cause problems when resources behind it require some functionality of Spring Security. For example, you can't use it for user registration page that performs programmatic login on submit (User Granted Authorities are always : ROLE_ANONYMOUS?).