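Spring Security problem with 404 error?
Greetings all, I am using Spring Security 3.0.2 and urlRewrite 3.1.0, and I have a Spring Security problem. I have a rule that all pages in the application require authentication except for some pages, so my security.xml is: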
<http use-expressions="true">
  <intercept-url pattern="/" access="permitAll" />
  <intercept-url pattern="/error" filter="none" />
  <intercept-url pattern="/**" access="isAuthenticated()" />
  .
  .
  .
</http>
In web.xml I have defined an error page:
<error-page>
  <error-code>404</error-code>
  <location>/p/error</location>
</error-page>
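The problem is that if I am not a logged-in user and I type some URL that does not exist in the application, like app/notFoundUrl, Spring Security matches this page against the pattern /** which requires authentication, so it does not redirect the user to the error page as expected; instead it redirects to the login page and then to the error page.
I want the user to be redirected directly to the error page when he types a wrong URL, whether he is logged in or not.
I think the problem is related to web.xml; here it is: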
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
  <!-- Beans in these files will makeup the configuration of the root web application context -->
  <!-- Bootstraps the root web application context before servlet initialization-->
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>
  <!-- Deploys the 'projects' dispatcher servlet whose configuration resides in /WEB-INF/servlet-config.xml-->
  <servlet>
    <servlet-name>p</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>
        /WEB-INF/servlet-config.xml
      </param-value>
    </init-param>
  </servlet>
  <!-- Maps all /p URLs to the 'p' servlet -->
  <servlet-mapping>
    <servlet-name>p</servlet-name>
    <url-pattern>/p/*</url-pattern>
  </servlet-mapping>
  <error-page>
    <error-code>404</error-code>
    <location>/p/error</location>
  </error-page>
  <!-- force encoding on the requests -->
  <filter>
    <filter-name>encoding-filter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
      <param-name>encoding</param-name>
      <param-value>utf-8</param-value>
    </init-param>
    <init-param>
      <param-name>forceEncoding</param-name>
      <param-value>true</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>encoding-filter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
  </filter-mapping>
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <filter>
    <filter-name>UrlRewriteFilter</filter-name>
    <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>UrlRewriteFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <!-- Security -->
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
      /WEB-INF/application-config.xml
      /WEB-INF/app-security.xml
      /WEB-INF/mvc-config.xml
    </param-value>
  </context-param>
  <session-config>
    <session-timeout>1</session-timeout>
  </session-config>
</web-app>
Any ideas how to solve this problem?
"Denying access by default is usually good practice, rather than only protecting the resources we need." - quoted from the [Spring Security tutorial](http://static.springsource.org/spring-security/site/tutorial.html) – 2013-05-04 21:11:04
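
The evaluation order described in the question, as an added example that is not part of the original post and is not Spring Security's own code: a simplified Java model of first-match-wins `<intercept-url>` evaluation using the three rules from the question. The class `InterceptUrlModel` and its methods are hypothetical, and only exact patterns and a trailing `/**` are modelled. It shows that an anonymous request for `/app/notFoundUrl` is decided by the security filter before the container can determine that the URL is a 404.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Simplified model (added example, not Spring Security's code) of how the
// <intercept-url> rules in the question are evaluated: first match wins, and
// the decision is made in the filter chain before any servlet can return 404.
public class InterceptUrlModel {

    // Rules in the order they appear in the question's <http> element.
    static final Map<String, String> RULES = new LinkedHashMap<>();
    static {
        RULES.put("/", "permitAll");
        RULES.put("/error", "filter=none");
        RULES.put("/**", "isAuthenticated()");
    }

    // Assumption: only exact patterns and a trailing "/**" are modelled,
    // which is all the question's configuration uses.
    static boolean matches(String pattern, String path) {
        if (pattern.endsWith("/**")) {
            String prefix = pattern.substring(0, pattern.length() - 3);
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
        return pattern.equals(path);
    }

    // Returns what the security filter does with a directly requested path.
    static String decide(String path, boolean authenticated) {
        for (Map.Entry<String, String> rule : RULES.entrySet()) {
            if (!matches(rule.getKey(), path)) continue;
            String access = rule.getValue();
            if (access.equals("isAuthenticated()") && !authenticated) {
                return "redirect to login (matched " + rule.getKey() + ")";
            }
            return "pass to servlet container (matched " + rule.getKey() + ")";
        }
        return "pass to servlet container (no rule matched)";
    }

    public static void main(String[] args) {
        // Constructed sample requests; /app/notFoundUrl is the question's example.
        String[] paths = {"/", "/error", "/p/error", "/app/notFoundUrl"};
        for (String p : paths) {
            System.out.println(p + " anonymous     -> " + decide(p, false));
            System.out.println(p + " authenticated -> " + decide(p, true));
        }
    }
}
```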