Почему я получаю базовое приглашение аутентификации, когда я иду в / preregistered / *?Я думал, что приведенная ниже конфигурация применима только к базовой аутентификации, когда / services / ** url-путь соответствует.Я использую Spring-Security 3.1.0.M1
<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:util="http://www.springframework.org/schema/util" xmlns:context="http://www.springframework.org/schema/context" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd"> <context:annotation-config /> <context:component-scan base-package="dc" /> <global-method-security /> <http security="none" pattern="/javax.faces.resource/**" /> <http security="none" pattern="/services/rest-api/1.0/public/**" /> <http pattern="/services/**" create-session="stateless"> <intercept-url pattern="/**" access="ROLE_USER" /> <http-basic /> </http> <http access-denied-page="/auth/denied.html"> <intercept-url pattern="/**/*.xhtml" access="ROLE_NONE_GETS_ACCESS" /> <intercept-url pattern="/preregistered/*" access="ROLE_ANONYMOUS,ROLE_USER"/> <intercept-url pattern="/auth/*" access="ROLE_ANONYMOUS,ROLE_USER"/> <intercept-url pattern="/preregistered/*" access="ROLE_ANONYMOUS,ROLE_USER"/> <intercept-url pattern="/registered/*" access="ROLE_USER" requires-channel="http"/> <intercept-url pattern="/secured/*" access="ROLE_USER" requires-channel="https"/> <form-login login-processing-url="/j_spring_security_check.html" login-page="/auth/login.html" default-target-url="/registered/home.html" authentication-failure-url="/auth/login.html" /> <logout invalidate-session="true" logout-url="/auth/logout.html" success-handler-ref="DCLogoutSuccessHandler"/> <anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/> <custom-filter after="FORM_LOGIN_FILTER" ref="xmlAuthenticationFilter" /> <session-management session-fixation-protection="none"/> </http> <authentication-manager alias="am"> <authentication-provider user-service-ref="userManager"> <password-encoder ref="passwordEncoder" /> </authentication-provider> <authentication-provider ref="xmlAuthenticationProvider" /> </authentication-manager> </beans:beans>
Пытаетесь ли вы найти .xhtml под /preregistered?
/preregistered
Если вы пытаетесь достичь http://yoururl.com/preregistered/something.xhtml.
http://yoururl.com/preregistered/something.xhtml
Ваше intercept-url определение:
intercept-url
<intercept-url pattern="/**/*.xhtml" access="ROLE_NONE_GETS_ACCESS" />
перехватит его.