本文介绍了access =" permitAll"和filters =" none"?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

以下是Spring Security petclinic示例的一部分:

Here is a part from Spring Security petclinic example:

<http use-expressions="true">
    <intercept-url pattern="/" access="permitAll"/>
    <intercept-url pattern="/static/**" filters="none" />
    <intercept-url pattern="/**" access="isAuthenticated()" />
    <form-login />
    <logout />
</http>

access =permitAll和filters =none之间有什么区别?

What is the difference between access="permitAll" and filters="none"?

网址:

推荐答案

区别在于 filters =none禁用指定URL的Spring Security过滤器,而 access =permitAll配置授权而不禁用过滤器。

The difference is that filters = "none" disables Spring Security filters for the specified URLs, whereas access = "permitAll" configures authorization without disabling filters.

实际上, filters =none可能会导致资源出现问题它背后需要Spring Security的一些功能。例如,您不能将其用于在提交时执行程序化登录的用户注册页面()。

In practice, filters = "none" may cause problems when resources behind it require some functionality of Spring Security. For example, you can't use it for user registration page that performs programmatic login on submit (User Granted Authorities are always : ROLE_ANONYMOUS?).

这篇关于access =&quot; permitAll&quot;和filters =&quot; none&quot;?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-11 00:20