Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/spring/11.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java Spring安全筛选器映射-禁用特定Url模式_Java_Spring_Servlets_Spring Security_Servlet Filters - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java Spring安全筛选器映射-禁用特定Url模式

Java Spring安全筛选器映射-禁用特定Url模式

java spring servlets spring-security

Java Spring安全筛选器映射-禁用特定Url模式,java,spring,servlets,spring-security,servlet-filters,Java,Spring,Servlets,Spring Security,Servlet Filters,我有以下servlet定义: <servlet> <servlet-name>licenseGenService</servlet-name> <servlet-class>org.springframework.web.context.support.HttpRequestHandlerServlet</servlet-class> </servlet> <s

我有以下servlet定义:

    <servlet>
        <servlet-name>licenseGenService</servlet-name>
        <servlet-class>org.springframework.web.context.support.HttpRequestHandlerServlet</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>licenseGenService</servlet-name>
        <url-pattern>/remoting/licensing</url-pattern>
    </servlet-mapping>

    <!-- Restful API Servlet-->
    <servlet>
        <servlet-name>licensingRestService</servlet-name>
        <servlet-class>
            com.sun.jersey.spi.spring.container.servlet.SpringServlet
        </servlet-class>
        <init-param>
            <param-name>
                    com.sun.jersey.config.property.packages
            </param-name>
            <param-value>
                com.mydomain.licensing.rest
            </param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>licensingRestService</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>


许可证服务
org.springframework.web.context.support.HttpRequestHandlerServlet
许可证服务
/远程处理/许可
许可证服务
com.sun.jersey.spi.spring.container.servlet.SpringServlet
com.sun.jersey.config.property.packages
com.mydomain.licensing.rest
1.
许可证服务
/*
然后是以下安全过滤器:

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>
            org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
    </filter>


    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>


springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
因此,根据我读到的内容,带有
/*
的url模式会被带有显式url的模式覆盖。这对我的servlet来说很好。问题是,我不希望
licenseGenService
servlet需要基本的身份验证。如何将安全过滤器定义为仅应用于REST servlet,而不应用于
licenseGenService
one?

您可以在应用程序上下文xml中配置需要授权的URL

<http use-expressions="true">
  <intercept-url pattern="/remoting/licensing/**"  filters="none" />
</http>
我最后在我的安全应用程序上下文中放置了以下内容:

<http pattern="/remoting/**" security="none"/>
这适用于Spring3.1

您所说的ava到Java远程处理servlet是什么意思。抱歉,
licenseGenService
servlet。我将编辑以使其更清楚。我知道我想键入什么,但我忘记了听众。您可以将licensingRestService映射到/api,然后将安全过滤器应用到/api吗?否则,您将需要以编程方式在筛选器中筛选出/remoting/licensing,然后继续执行安全筛选器(即filterchain)。例如,让您的筛选器采用ignore patterns参数,然后在转发到链中的下一个筛选器之前,检查您的筛选器url是否在ignore patterns中。这是不推荐使用的版本。但是谢谢你,你把我引向了正确的方向。