Java Spring安全性|授予匿名用户访问权限时的问题_Java_Spring_Security_Spring Mvc_Spring Security

Java Spring安全性|授予匿名用户访问权限时的问题

java spring security spring-mvc spring-security

Java Spring安全性|授予匿名用户访问权限时的问题,java,spring,security,spring-mvc,spring-security,Java,Spring,Security,Spring Mvc,Spring Security,我正在尝试向根据Spring实现的某个REST方法授予访问权限。[请记住，这是一个具有现有Spring配置的现有应用程序] 我这里的问题是，如果我没有经过身份验证，我就无法访问这个方法。这是我的配置 web.xml 在我的Spring安全应用程序上下文中，我已经明确定义了拦截url，以授予对该方法的匿名访问权 applicationContext-security.xml 我做错了什么谢谢。下的控制器没有匹配的拦截url /wos/student/{stid}/school/{scid} 如

我正在尝试向根据Spring实现的某个REST方法授予访问权限。[请记住，这是一个具有现有Spring配置的现有应用程序]

我这里的问题是，如果我没有经过身份验证，我就无法访问这个方法。这是我的配置

web.xml

在我的Spring安全应用程序上下文中，我已经明确定义了拦截url，以授予对该方法的匿名访问权

applicationContext-security.xml

我做错了什么

谢谢。

下的控制器没有匹配的拦截url

/wos/student/{stid}/school/{scid}

如果我假设

/wos

是您的servlet的名称，那么您需要访问

角色的/student/**
的拦截url
但你只有
<security:intercept-url pattern="/student/add.faces" access="ROLE_STUDENTADMIN" />
<security:intercept-url pattern="/student/createLearningObservation.faces" access="ROLE_USER" />



最终匹配的截取url是
<security:intercept-url pattern="/**" access="ROLE_USER" />



因此，您只能访问经过身份验证的控制器 请显示所有applicationContext安全性。xml@DirkLachowski更新了我的问题。
  <security:http auto-config="false" entry-point-ref="formAuthenticationEntryPoint">
    <!-- Uses a custom form filter to accommodate the userspace -->
    <security:custom-filter position="FORM_LOGIN_FILTER" ref="userspaceAwareFormLoginFilter" /> 
    <security:anonymous />
    <security:logout />

    <!-- Workaround for RichFaces automatically including skinning CSS on login page, even though unused -->
    <security:intercept-url pattern="/a4j/**" access="ROLE_ANONYMOUS,ROLE_USER" />
    <!-- Richfaces skinning also uses images and some additional stylesheets... -->
    <security:intercept-url pattern="/css/**" access="ROLE_ANONYMOUS,ROLE_USER" />
    <security:intercept-url pattern="/errorViewExpired.jsp" access="ROLE_ANONYMOUS,ROLE_USER" />
    <security:intercept-url pattern="/images/**" access="ROLE_ANONYMOUS,ROLE_USER" />
    <security:intercept-url pattern="/js/**" access="ROLE_ANONYMOUS,ROLE_USER" />
    <security:intercept-url pattern="/login.faces" access="ROLE_ANONYMOUS,ROLE_USER" />

    <security:intercept-url pattern="/srStudentPhoto/**" access="ROLE_ANONYMOUS,ROLE_USER" />

    <security:intercept-url pattern="/accountsreceivable/**" access="ROLE_AR" />
    <security:intercept-url pattern="/assessment/**" access="ROLE_PLANNING_ASSESSMENT, ROLE_ASSESS_MAINTENANCE" />
    <security:intercept-url pattern="/assessmentmaintenance/**" access="ROLE_ASSESS_MAINTENANCE" />
    <security:intercept-url pattern="/attendance/attendanceJobSettings.faces" access="ROLE_ATTEND" />
    <security:intercept-url pattern="/attendance/attendanceMaintenance.faces" access="ROLE_ATTEND" />
    <security:intercept-url pattern="/attendance/attendanceSettings.faces" access="ROLE_ATTEND" />
    <security:intercept-url pattern="/attendance/attendanceSurvey.faces" access="ROLE_ATTEND" />
    <security:intercept-url pattern="/attendance/unmarkedRegisters.faces" access="ROLE_ATTEND" />
    <security:intercept-url pattern="/earlynotification/**" access="ROLE_ATTEND" />
    <security:intercept-url pattern="/enrol/**" access="ROLE_ENROL" />
    <security:intercept-url pattern="/enrolment/**" access="ROLE_STUDENTADMIN" />
    <security:intercept-url pattern="/incident/**" access="ROLE_BEHAVIOURAL_MGMT" />
    <security:intercept-url pattern="/rollreturn/**" access="ROLE_ROLL_RETURN" />
    <security:intercept-url pattern="/school/schoolYearSettings.faces" access="ROLE_STUDENTADMIN, ROLE_CUSTOMER_SERVICE" />
    <security:intercept-url pattern="/schooladmin/peopleSearch.faces" access="ROLE_USER_MAINTENANCE, ROLE_USER_ADMIN" />
    <security:intercept-url pattern="/schooladmin/maintainPerson.faces" access="ROLE_USER_MAINTENANCE, ROLE_USER_ADMIN" />
    <security:intercept-url pattern="/schooladmin/maintainPersonRoles.faces" access="ROLE_USER_MAINTENANCE, ROLE_USER_ADMIN" />
    <security:intercept-url pattern="/schooladmin/peopleSearch.faces" access="ROLE_USER_MAINTENANCE, ROLE_USER_ADMIN" />
    <security:intercept-url pattern="/schooladmin/groupList.faces" access="ROLE_USER" />
    <security:intercept-url pattern="/schooladmin/groupMaintenance.faces" access="ROLE_USER" />

    <security:intercept-url pattern="/schooladmin/**" access="ROLE_SCHOOLADMIN" />
    <security:intercept-url pattern="/student/add.faces" access="ROLE_STUDENTADMIN" />
    <!-- Should only be accessible by Teachers, but current model does not allow for this -->
    <security:intercept-url pattern="/student/createLearningObservation.faces" access="ROLE_USER" />
    <security:intercept-url pattern="/utils/**" access="ROLE_UTILITIES" />

    <security:intercept-url pattern="/customerservice/**" access="ROLE_CUSTSVC_SUPER, ROLE_CUSTOMER_SERVICE" />

    <security:intercept-url pattern="/**" access="ROLE_USER" />

    <security:intercept-url pattern="/assessments/**" access="ROLE_ANONYMOUS,ROLE_USER" />
  </security:http>

http://localhost:8080:/MyOwnApp/assessments/wos/student/45345345/school/345343

/wos/student/{stid}/school/{scid}

<security:intercept-url pattern="/student/add.faces" access="ROLE_STUDENTADMIN" />
<security:intercept-url pattern="/student/createLearningObservation.faces" access="ROLE_USER" />

<security:intercept-url pattern="/**" access="ROLE_USER" />