java – Spring Security permitAll()不允许匿名访问

前端之家收集整理的这篇文章主要介绍了java – Spring Security permitAll()不允许匿名访问前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我有一个方法,我想允许匿名和身份验证访问.

我使用Spring Security 3.2.4与基于java的配置.

重写的配置方法(在我的自定义配置类扩展WebSecurityConfigurerAdapter)中具有以下http块:

http
        .addFilterBefore(muiltpartFilter,ChannelProcessingFilter.class)
        .addFilterBefore(cf,ChannelProcessingFilter.class)
        .authorizeRequests()
            .anyRequest()
            .authenticated()
            .and()
        .authorizeRequests()
            .antMatchers("/ping**")
            .permitAll()
            .and()
        .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
        .logout()
            .logoutUrl("/logout")
        .logoutSuccessUrl("/login");

ping请求处理程序和方法在一个还包含登录处理程序的控制器中,并且没有单独的@PreAuthorize或其他可能导致问题的注释.

问题是匿名访问被拒绝,用户重定向登录页面.

在调试级别登录时,我会看到Spring Security提供的以下反馈信息:

[2014-07-11 13:18:04,483] [DEBUG] [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] Secure object: FilterInvocation: URL: /ping; Attributes: [authenticated]
[2014-07-11 13:18:04,483] [DEBUG] [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] PrevIoUsly Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6faad796: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffffa64e: RemoteIpAddress: 192.168.2.128; SessionId: 0EF6B13BBA5F00C020FF9C35A6E3FBA9; Granted Authorities: ROLE_ANONYMOUS
[2014-07-11 13:18:04,483] [DEBUG] [org.springframework.security.access.vote.AffirmativeBased] Voter: org.springframework.security.web.access.expression.WebExpressionVoter@123f2882,returned: -1
[2014-07-11 13:18:04,483] [DEBUG] [org.springframework.security.web.access.ExceptionTranslationFilter] Access is denied (user is anonymous); redirecting to authentication entry point

我想要完成的是具有可以在任何时候调用方法,并且将发送一个回复,指示请求是否在登录的会话内.

解决方法

权限顺序很重要,它可以像我这样配置:
.authorizeRequests()
        .antMatchers("/ping**")
        .permitAll()
        .and()
.authorizeRequests()
        .anyRequest()
        .authenticated()
        .and()

猜你在找的Java相关文章