Jsp Spring重定向请求将资源获取到我的控制器，但不应这样做_Jsp_Spring Mvc_Spring Security_Resources

Jsp Spring重定向请求将资源获取到我的控制器，但不应这样做

jsp spring-mvc spring-security

Jsp Spring重定向请求将资源获取到我的控制器，但不应这样做,jsp,spring-mvc,spring-security,resources,Jsp,Spring Mvc,Spring Security,Resources,我试图在我的项目中使用聚合物。我正在使用SpringMVC和SpringSecurity 问题是spring将所有资源显示为我的管理视图结构： -- webapp -- WEB-INF -- spring -- springs*.xml -- views -- all*.jsp -- web_resources -- bower_components -- layouts 一个资源请求的日志： 2014-11-05T13:04

我试图在我的项目中使用聚合物。我正在使用SpringMVC和SpringSecurity

问题是spring将所有资源显示为我的管理视图

结构：

-- webapp
  -- WEB-INF
    -- spring
      -- springs*.xml
    -- views
      -- all*.jsp
  -- web_resources
    -- bower_components
    -- layouts

一个资源请求的日志：

2014-11-05T13:04:40.360+0100|Info: Checking match of request : '/web_resources/bower_components/core-elements/core-elements.html'; against '/web_resources**'
2014-11-05T13:04:40.361+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2014-11-05T13:04:40.361+0100|Info: HttpSession returned null object for SPRING_SECURITY_CONTEXT
2014-11-05T13:04:40.361+0100|Info: No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@678feca. A new one will be created.
2014-11-05T13:04:40.361+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2014-11-05T13:04:40.361+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 3 of 12 in additional filter chain; firing Filter: 'CsrfFilter'
2014-11-05T13:04:40.361+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 4 of 12 in additional filter chain; firing Filter: 'LogoutFilter'
2014-11-05T13:04:40.362+0100|Info: Request 'GET /web_resources/bower_components/core-elements/core-elements.html' doesn't match 'POST /j_spring_security_logout
2014-11-05T13:04:40.362+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 5 of 12 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2014-11-05T13:04:40.362+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 6 of 12 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2014-11-05T13:04:40.362+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 7 of 12 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2014-11-05T13:04:40.362+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 8 of 12 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2014-11-05T13:04:40.362+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 9 of 12 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2014-11-05T13:04:40.362+0100|Info: Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@90579aae: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: fd78d1adb1c5c70611f9c5efafeb; Granted Authorities: ROLE_ANONYMOUS'
2014-11-05T13:04:40.362+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 10 of 12 in additional filter chain; firing Filter: 'SessionManagementFilter'
2014-11-05T13:04:40.363+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 11 of 12 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2014-11-05T13:04:40.364+0100|Info: /web_resources/bower_components/core-elements/core-elements.html at position 12 of 12 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2014-11-05T13:04:40.364+0100|Info: Checking match of request : '/web_resources/bower_components/core-elements/core-elements.html'; against '/admin**'
2014-11-05T13:04:40.364+0100|Info: Checking match of request : '/web_resources/bower_components/core-elements/core-elements.html'; against '/home**'
2014-11-05T13:04:40.364+0100|Info: Secure object: FilterInvocation: URL: /web_resources/bower_components/core-elements/core-elements.html; Attributes: [permitAll]
2014-11-05T13:04:40.364+0100|Info: Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@90579aae: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@2eb76: RemoteIpAddress: 127.0.0.1; SessionId: fd78d1adb1c5c70611f9c5efafeb; Granted Authorities: ROLE_ANONYMOUS
2014-11-05T13:04:40.364+0100|Info: Voter: org.springframework.security.web.access.expression.WebExpressionVoter@5ca24e29, returned: 1
2014-11-05T13:04:40.365+0100|Info: Authorization successful
2014-11-05T13:04:40.365+0100|Info: RunAsManager did not change Authentication object
2014-11-05T13:04:40.365+0100|Info: /web_resources/bower_components/core-elements/core-elements.html reached end of additional filter chain; proceeding with original chain
2014-11-05T13:04:40.365+0100|Info: DispatcherServlet with name 'mvc-dispatcher' processing GET request for [/base/web_resources/bower_components/core-elements/core-elements.html]
2014-11-05T13:04:40.366+0100|Info: Looking up handler method for path /web_resources/bower_components/core-elements/core-elements.html
2014-11-05T13:04:40.366+0100|Info: Checking match of request : '/web_resources/bower_components/paper-elements/paper-elements.html'; against '/web_resources**'
2014-11-05T13:04:40.366+0100|Info: /web_resources/bower_components/paper-elements/paper-elements.html at position 1 of 12 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2014-11-05T13:04:40.366+0100|Info: Returning handler method [public org.springframework.web.servlet.ModelAndView com.base.controller.AdminController.admin()]
2014-11-05T13:04:40.366+0100|Info: Returning cached instance of singleton bean 'adminController'
2014-11-05T13:04:40.367+0100|Info: HttpSession returned null object for SPRING_SECURITY_CONTEXT
2014-11-05T13:04:40.367+0100|Info: No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@678feca. A new one will be created.
2014-11-05T13:04:40.367+0100|Info: /web_resources/bower_components/paper-elements/paper-elements.html at position 2 of 12 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'

请求我的web_资源的日志（此返回mi管理员视图）

我的spring-security.xml

    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="
            http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-3.2.xsd">

        <http pattern="/web_resources**" security="none" />

        <http auto-config="true" use-expressions="true">

            <intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" />
            <intercept-url pattern="/home**" access="hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')" />
            <intercept-url pattern="/**" access="permitAll" />

            <access-denied-handler error-page="/403" />

            <form-login
                login-page="/login"
                default-target-url="/home"
                authentication-failure-url="/login?error"
                username-parameter="username"
                password-parameter="password" />

            <logout logout-success-url="/login?logout" />

            <csrf />

        </http>

        <authentication-manager>
            <authentication-provider user-service-ref="userService">
                <password-encoder hash="bcrypt" />
            </authentication-provider>
        </authentication-manager>
</beans>

}

如果我删除注释@Controller和@RequestMapping并将这两行添加到我的dispatcher中，那么资源将起作用：

<mvc:resources mapping="/web_resources/bower_components/**" location="/web_resources/bower_components/" />
<mvc:resources mapping="/web_resources/layouts/**" location="/web_resources/layouts/" />

但我不明白为什么我的管理员控制器会得到所有的资源请求。有人能帮我吗？

我的问题出在

 @RequestMapping(name = "/admin").

它用错了，我需要把

“name”

改成

“value”

和所有的作品

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>

<!DOCTYPE html>
<html>

    <head>
        <link rel="import" href='<c:url value="/web_resources/bower_components/core-elements/core-elements.html"></c:url>'>
        <link rel="import" href="/base/web_resources/bower_components/paper-elements/paper-elements.html">
        <link rel="import" href="/base/web_resources/layouts/app-main.html">
        <link rel="import" href="/base/web_resources/bower_components/polymer/polymer.html">
    </head>

    <body>
        <app-home></app-home>
    </body>

</html>

<polymer-element name="app-home">

    <template>
      <link rel="stylesheet" href="css/app-login.css">

      <app-main selected="Home">

            Home

      </app-main>

    </template>

    <script>
        Polymer('app-home', {

        });
    </script>

</polymer-element>

@RequestMapping(name = "/admin")
public ModelAndView admin() {

    ModelAndView model = new ModelAndView(Name.VIEW_ADMIN);
    model.setViewName(Name.VIEW_ADMIN);


    return model;
}

<mvc:resources mapping="/web_resources/bower_components/**" location="/web_resources/bower_components/" />
<mvc:resources mapping="/web_resources/layouts/**" location="/web_resources/layouts/" />

 @RequestMapping(name = "/admin").