I have an application that uses Spring Security 3 runs on Tomcat. I didn't define any favicon for my website however when I run my application from my IDE sometimes
after I login from my login pages it redirects my page to:
http://localhost:8080/favicon.ico
and says:
404 Not Found
There is a topic here: http://forum.springsource.org/showthread.开发者_JAVA技巧php?100901-redirect-to-favicon.ico however I didn't define a favicon.ico does Spring Security 3 wants it by default(if yes, why it happens sometimes?)
Here is the explanation:
The issue is, when the browser cache is empty and a user comes in, here is what happens:
- the user requests URL "/". This URL is cached.
- the browser makes a requests to "/favicon.ico". This URL becomes the new URL where to redirect to upon authentication.
- the user posts the login form and is redirected to "/favicon.ico".
To fix this, you need to set "/favicon.ico" as being a non-secured resources:
<intercept-url pattern="/favicon.ico" access="ROLE_ANONYMOUS" />
Taken from: http://blog.idm.fr/2010/09/spring-security-redirecting-to-faviconico.html
For Grails 3.0.11 & Spring Security Core 3.0.2, add "IS_AUTHENTICATED_ANONYMOUSLY" in application.groovy in the section:
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
...
..
.
[pattern: '/favicon.ico', access: ['IS_AUTHENTICATED_ANONYMOUSLY']]
]
精彩评论