5
參考文檔說,urls按照聲明的順序匹配,但聲明的最後一個在先前聲明的某些之前匹配。Spring Security 3.0攔截url訂購
這裏是我的聲明:
<intercept-url pattern="/static/**" filters="none" />
<intercept-url pattern="/login.jsp*" filters="none" />
<intercept-url pattern="/logout.jsp*" filters="none" />
<intercept-url pattern="/forgotpassword*" filters="none" />
<intercept-url pattern="/WEB-INF/jsp/forgotpassword*" filters="none" />
<intercept-url pattern="**/ordersearch*" access="hasRole('ROLE_VIEW_ORDER_STATUS')" />
<intercept-url pattern="**/creditstatus*" access="hasRole('ROLE_VIEW_CREDIT_STATUS')" />
<intercept-url pattern="**/shop*" access="hasRole('ROLE_INTERNAL') and hasRole('ROLE_CREATE_SALES_ORDER')" />
<intercept-url pattern="/**" access="hasAnyRole('ROLE_INTERNAL','ROLE_EXTERNAL')" />
它試圖以匹配所有filters="none"
,但隨後跳轉到最後一個模式/**
。所以像/appname/ordersearch
這樣的URL被/**
攔截,而不是**/ordersearch*
。任何想法我做錯了什麼?