Java 出现Spring Security基本身份验证提示_Java_Spring_Spring Security

Java 出现Spring Security基本身份验证提示

java spring spring-security

Java 出现Spring Security基本身份验证提示,java,spring,spring-security,Java,Spring,Spring Security,当我转到/preregistered/*时，为什么会得到基本身份验证提示？我认为下面的配置只会在/services/**url路径匹配时应用基本身份验证。我使用的是SpringSecurity 3.1.0.M1 <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://

当我转到/preregistered/*时，为什么会得到基本身份验证提示？我认为下面的配置只会在/services/**url路径匹配时应用基本身份验证。我使用的是SpringSecurity 3.1.0.M1

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
    xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:util="http://www.springframework.org/schema/util"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/util
    http://www.springframework.org/schema/util/spring-util-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd
    http://www.springframework.org/schema/context
    http://www.springframework.org/schema/context/spring-context-3.0.xsd">
    <context:annotation-config />
    <context:component-scan base-package="dc" />
    <global-method-security />
    <http security="none" pattern="/javax.faces.resource/**" />
    <http security="none" pattern="/services/rest-api/1.0/public/**" />
    <http pattern="/services/**" create-session="stateless">
        <intercept-url pattern="/**" access="ROLE_USER" />
        <http-basic />
    </http>
    <http access-denied-page="/auth/denied.html">
         <intercept-url
            pattern="/**/*.xhtml"
            access="ROLE_NONE_GETS_ACCESS" />
         <intercept-url
            pattern="/preregistered/*"
            access="ROLE_ANONYMOUS,ROLE_USER"/>
         <intercept-url
            pattern="/auth/*"
            access="ROLE_ANONYMOUS,ROLE_USER"/>
         <intercept-url
            pattern="/preregistered/*"
            access="ROLE_ANONYMOUS,ROLE_USER"/>
         <intercept-url
            pattern="/registered/*"
            access="ROLE_USER"
            requires-channel="http"/>
          <intercept-url
            pattern="/secured/*"
            access="ROLE_USER"
            requires-channel="https"/>
        <form-login
            login-processing-url="/j_spring_security_check.html"
            login-page="/auth/login.html"
            default-target-url="/registered/home.html"
            authentication-failure-url="/auth/login.html" />
         <logout invalidate-session="true" 
              logout-url="/auth/logout.html" 
              success-handler-ref="DCLogoutSuccessHandler"/>
        <anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/>
        <custom-filter after="FORM_LOGIN_FILTER" ref="xmlAuthenticationFilter" />
        <session-management session-fixation-protection="none"/>
    </http>
    <authentication-manager alias="am">
        <authentication-provider user-service-ref="userManager">
                <password-encoder ref="passwordEncoder" />
        </authentication-provider>
        <authentication-provider ref="xmlAuthenticationProvider" />
    </authentication-manager>
</beans:beans>

您是否试图访问

/preregisted

下的.xhtml

如果您试图访问

http://yoururl.com/preregistered/something.xhtml

您的

截取url

定义：

<intercept-url
        pattern="/**/*.xhtml"
        access="ROLE_NONE_GETS_ACCESS" />

将拦截它。

Simeon是正确的-请记住

intercept url

声明是自上而下进行评估的，第一个匹配的是获胜者。