Spring mvc 停止spring安全阻止对“我的资源”文件夹的访问_Spring Mvc_Spring Security

Spring mvc 停止spring安全阻止对“我的资源”文件夹的访问

spring-mvc spring-security

Spring mvc 停止spring安全阻止对“我的资源”文件夹的访问,spring-mvc,spring-security,Spring Mvc,Spring Security,我被一个我整天都在努力解决的问题难住了。我刚刚将我的SpringMVCWeb应用程序从3.0.5.RELEASE移动到3.1.0.RELEASE，发现SpringSecurity的行为与我配置的不同当我尝试加载我的登录页面时，我的错误就显现出来了。这些错误是文档类型错误。。。但是在做了一些研究之后，我开始了解到错误消息告诉我，我试图在登录页面中加载的css和js资源找不到（或者我的case spring security不允许访问它们）我一整天都在尝试调整spring安全文件，以允许访问

我被一个我整天都在努力解决的问题难住了。我刚刚将我的SpringMVCWeb应用程序从3.0.5.RELEASE移动到3.1.0.RELEASE，发现SpringSecurity的行为与我配置的不同

当我尝试加载我的登录页面时，我的错误就显现出来了。这些错误是文档类型错误。。。

但是在做了一些研究之后，我开始了解到错误消息告诉我，我试图在登录页面中加载的css和js资源找不到（或者我的case spring security不允许访问它们）

我一整天都在尝试调整spring安全文件，以允许访问css和js资源，但无法正确配置。非常感谢你的帮助

这是我的项目结构

Tomcat Webapps>
   >ReportingManager
      >WEB-INF
         >pages
         >spring-application-context.xml
         >spring-security.xml
         >spring-database.xml
         >spring-resources.xml
         >spring-managers.xml  
      >resources
         >css
         >images
         >reports

这是我的web.xml

<servlet-mapping>
    <servlet-name>mvc-dispatcher</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/spring-application-context.xml</param-value>
</context-param>

<!-- Spring Security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<servlet-mapping>
    <servlet-name>mvc-dispatcher</servlet-name>
    <url-pattern>*.htm</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>mvc-dispatcher</servlet-name>
    <url-pattern>*.html</url-pattern>
</servlet-mapping>

<servlet-mapping>
    <servlet-name>mvc-dispatcher</servlet-name>
    <url-pattern>*.rep</url-pattern>
</servlet-mapping>


mvc调度器
/
org.springframework.web.context.ContextLoaderListener
上下文配置位置
/WEB-INF/spring-application-context.xml
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*

这是我的spring-security.xml文件

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <security:global-method-security secured-annotations="enabled" />
    <http pattern="/**/*.css" security="none" />
    <http pattern="/**/*.js" security="none" />
    <http pattern="/**/*.png" security="none" />
    <http pattern="/**/*.jpg" security="none" />
    <http pattern="/**/*.gif" security="none" />    
    <security:http auto-config="true">

        <!-- Login and log out -->
        <security:form-login 
            login-page="/login" 
            default-target-url="/welcome"
            authentication-failure-url="/loginfailed" />
        <security:logout logout-success-url="/logout" />

    <intercept-url pattern="/resources/**" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_LEVEL7" />
    <intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_LEVEL7" />
    <intercept-url pattern="/welcome" access="ROLE_LEVEL7" />
    <intercept-url pattern="/priceOverride" access="ROLE_LEVEL7" /> 

    </security:http>

    <!-- Authentication -->
    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider user-service-ref="userDetailsDao">
            <security:password-encoder hash="md5" />
        </security:authentication-provider>
    </security:authentication-manager>

</beans>

为了完整起见，这里是我的应用程序上下文

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans     
        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context-3.1.xsd">

    <!-- import XML fragments to use in the application context  -->
    <import resource="spring-database.xml" />
    <import resource="spring-resources.xml" />
    <import resource="spring-managers.xml" />
    <import resource="spring-security.xml" />

</beans>

还有我的mvc调度程序servlet.xml

<context:component-scan base-package="com.myer.reporting.controller" />
<bean
    class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <property name="prefix">
        <value>/WEB-INF/pages/</value>
    </property>
    <property name="suffix">
        <value>.jsp</value>
    </property>
</bean>
<mvc:resources mapping="/resources/**" location="/resources/" />
<mvc:annotation-driven />


/WEB-INF/pages/
.jsp

我很抱歉发了这么长的帖子，但我想确保我没有遗漏任何有价值的信息。我知道这肯定是spring安全性造成的，因为当我在3.0.5.RELEASE上时，我可以在浏览器中点击css和javascript。但是，当我尝试在3.1.0.RELEASE上做同样的事情时，我无法点击css或js。但另一个令人困惑的是，我没有得到403个错误。相反，它只是让我停留在当前页面（login.htm）

谢谢你的帮助。尽管这会让人尴尬，但我希望这是一件容易修复的事情，因为我错过了

更新-->我尝试了下面的一些答案，但没有成功。但我确实从日志中获得了一些输出，并在下面附上了输出，以查看是否有人能够判断可能发生的情况。我还根据您提供的帮助稍微更新了我的原始配置

2014-01-07 12:50:43,362 INFO  [SpringSecurityCoreVersion] - You are running with Spring Security Core 3.1.4.RELEASE
2014-01-07 12:50:43,362 INFO  [SecurityNamespaceHandler] - Spring Security 'config' module version is 3.1.4.RELEASE
2014-01-07 12:50:43,455 INFO  [HttpSecurityBeanDefinitionParser] - Checking sorted filter chain: [Root bean: class [org.springframework.security.web.context.SecurityContextPersistenceFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 200, Root bean: class [org.springframework.security.web.authentication.logout.LogoutFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 400, <org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0>, order = 800, Root bean: class [org.springframework.security.web.authentication.www.BasicAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1200, Root bean: class [org.springframework.security.web.savedrequest.RequestCacheAwareFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1300, Root bean: class [org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1400, Root bean: class [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1700, Root bean: class [org.springframework.security.web.session.SessionManagementFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1800, Root bean: class [org.springframework.security.web.access.ExceptionTranslationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1900, <org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0>, order = 2000]
2014-01-07 12:50:44,236 INFO  [DefaultSecurityFilterChain] - Creating filter chain: Ant [pattern='/**/*.css'], []
2014-01-07 12:50:44,283 INFO  [DefaultSecurityFilterChain] - Creating filter chain: Ant [pattern='/**/*.js'], []
2014-01-07 12:50:44,283 INFO  [DefaultSecurityFilterChain] - Creating filter chain: Ant [pattern='/**/*.png'], []
2014-01-07 12:50:44,283 INFO  [DefaultSecurityFilterChain] - Creating filter chain: Ant [pattern='/**/*.jpg'], []
2014-01-07 12:50:44,283 INFO  [DefaultSecurityFilterChain] - Creating filter chain: Ant [pattern='/**/*.gif'], []
2014-01-07 12:50:44,704 DEBUG [FilterSecurityInterceptor] - Validated configuration attributes
2014-01-07 12:50:44,704 INFO  [DefaultSecurityFilterChain] - Creating filter chain: org.springframework.security.web.util.AnyRequestMatcher@1, [org.springframework.security.web.context.SecurityContextPersistenceFilter@64dfeb, org.springframework.security.web.authentication.logout.LogoutFilter@a8c19b, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@13eb2bc, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@14865b1, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@c5575, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@1be8bf1, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@d591a6, org.springframework.security.web.session.SessionManagementFilter@14d6015, org.springframework.security.web.access.ExceptionTranslationFilter@df39bc, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@147788d]
2014-01-07 12:50:44,720 INFO  [DefaultFilterChainValidator] - Checking whether login URL '/login' is accessible with your configuration
2014-01-07 12:50:44,720 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login'; against '/**/*.css'
2014-01-07 12:50:44,720 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login'; against '/**/*.js'
2014-01-07 12:50:44,720 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login'; against '/**/*.png'
2014-01-07 12:50:44,720 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login'; against '/**/*.jpg'
2014-01-07 12:50:44,720 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login'; against '/**/*.gif'
2014-01-07 12:50:44,720 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login'; against '/resources/**'
2014-01-07 12:50:44,720 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login'; against '/login'
2014-01-07 12:50:44,720 DEBUG [AffirmativeBased] - Voter: org.springframework.security.access.vote.RoleVoter@a3ce3f, returned: -1
2014-01-07 12:50:44,720 DEBUG [AffirmativeBased] - Voter: org.springframework.security.access.vote.AuthenticatedVoter@39b99d, returned: 1
2014-01-07 12:52:00,472 DEBUG [AntPathRequestMatcher] - Checking match of request : '/index.jsp'; against '/**/*.css'
2014-01-07 12:52:00,472 DEBUG [AntPathRequestMatcher] - Checking match of request : '/index.jsp'; against '/**/*.js'
2014-01-07 12:52:00,472 DEBUG [AntPathRequestMatcher] - Checking match of request : '/index.jsp'; against '/**/*.png'
2014-01-07 12:52:00,472 DEBUG [AntPathRequestMatcher] - Checking match of request : '/index.jsp'; against '/**/*.jpg'
2014-01-07 12:52:00,472 DEBUG [AntPathRequestMatcher] - Checking match of request : '/index.jsp'; against '/**/*.gif'
2014-01-07 12:52:00,472 DEBUG [FilterChainProxy] - /index.jsp at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2014-01-07 12:52:00,472 DEBUG [HttpSessionSecurityContextRepository] - No HttpSession currently exists
2014-01-07 12:52:00,472 DEBUG [HttpSessionSecurityContextRepository] - No SecurityContext was available from the HttpSession: null. A new one will be created.
2014-01-07 12:52:00,472 DEBUG [FilterChainProxy] - /index.jsp at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
2014-01-07 12:52:00,472 DEBUG [FilterChainProxy] - /index.jsp at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2014-01-07 12:52:00,472 DEBUG [FilterChainProxy] - /index.jsp at position 4 of 10 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2014-01-07 12:52:00,472 DEBUG [FilterChainProxy] - /index.jsp at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2014-01-07 12:52:00,472 DEBUG [FilterChainProxy] - /index.jsp at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2014-01-07 12:52:00,472 DEBUG [FilterChainProxy] - /index.jsp at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2014-01-07 12:52:00,472 DEBUG [AnonymousAuthenticationFilter] - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
2014-01-07 12:52:00,472 DEBUG [FilterChainProxy] - /index.jsp at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter'
2014-01-07 12:52:00,472 DEBUG [SessionManagementFilter] - Requested session ID 5CB169513CF0935187728353885EB4EF is invalid.
2014-01-07 12:52:00,472 DEBUG [FilterChainProxy] - /index.jsp at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2014-01-07 12:52:00,472 DEBUG [FilterChainProxy] - /index.jsp at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2014-01-07 12:52:00,472 DEBUG [AntPathRequestMatcher] - Checking match of request : '/index.jsp'; against '/resources/**'
2014-01-07 12:52:00,472 DEBUG [AntPathRequestMatcher] - Checking match of request : '/index.jsp'; against '/login'
2014-01-07 12:52:00,472 DEBUG [AntPathRequestMatcher] - Checking match of request : '/index.jsp'; against '/welcome'
2014-01-07 12:52:00,472 DEBUG [AntPathRequestMatcher] - Checking match of request : '/index.jsp'; against '/priceoverride'
2014-01-07 12:52:00,472 DEBUG [FilterSecurityInterceptor] - Public object - authentication not attempted
2014-01-07 12:52:00,472 DEBUG [FilterChainProxy] - /index.jsp reached end of additional filter chain; proceeding with original chain
2014-01-07 12:52:01,659 DEBUG [HttpSessionEventPublisher] - Publishing event: org.springframework.security.web.session.HttpSessionCreatedEvent[source=org.apache.catalina.session.StandardSessionFacade@818805]
2014-01-07 12:52:01,659 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2014-01-07 12:52:01,659 DEBUG [ExceptionTranslationFilter] - Chain processed normally
2014-01-07 12:52:01,659 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
2014-01-07 12:52:01,675 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login.html'; against '/**/*.css'
2014-01-07 12:52:01,675 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login.html'; against '/**/*.js'
2014-01-07 12:52:01,675 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login.html'; against '/**/*.png'
2014-01-07 12:52:01,675 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login.html'; against '/**/*.jpg'
2014-01-07 12:52:01,675 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login.html'; against '/**/*.gif'
2014-01-07 12:52:01,675 DEBUG [FilterChainProxy] - /login.html at position 1 of 10 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2014-01-07 12:52:01,675 DEBUG [HttpSessionSecurityContextRepository] - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2014-01-07 12:52:01,675 DEBUG [HttpSessionSecurityContextRepository] - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@818805. A new one will be created.
2014-01-07 12:52:01,675 DEBUG [FilterChainProxy] - /login.html at position 2 of 10 in additional filter chain; firing Filter: 'LogoutFilter'
2014-01-07 12:52:01,675 DEBUG [FilterChainProxy] - /login.html at position 3 of 10 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2014-01-07 12:52:01,675 DEBUG [FilterChainProxy] - /login.html at position 4 of 10 in additional filter chain; firing Filter: 'BasicAuthenticationFilter'
2014-01-07 12:52:01,675 DEBUG [FilterChainProxy] - /login.html at position 5 of 10 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2014-01-07 12:52:01,675 DEBUG [FilterChainProxy] - /login.html at position 6 of 10 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2014-01-07 12:52:01,675 DEBUG [FilterChainProxy] - /login.html at position 7 of 10 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2014-01-07 12:52:01,675 DEBUG [AnonymousAuthenticationFilter] - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9054b1a2: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@1c07a: RemoteIpAddress: 127.0.0.1; SessionId: 6797458107289A1298C0F15240BC0CB4; Granted Authorities: ROLE_ANONYMOUS'
2014-01-07 12:52:01,675 DEBUG [FilterChainProxy] - /login.html at position 8 of 10 in additional filter chain; firing Filter: 'SessionManagementFilter'
2014-01-07 12:52:01,675 DEBUG [FilterChainProxy] - /login.html at position 9 of 10 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2014-01-07 12:52:01,675 DEBUG [FilterChainProxy] - /login.html at position 10 of 10 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2014-01-07 12:52:01,675 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login.html'; against '/resources/**'
2014-01-07 12:52:01,675 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login.html'; against '/login'
2014-01-07 12:52:01,675 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login.html'; against '/welcome'
2014-01-07 12:52:01,675 DEBUG [AntPathRequestMatcher] - Checking match of request : '/login.html'; against '/priceoverride'
2014-01-07 12:52:01,675 DEBUG [FilterSecurityInterceptor] - Public object - authentication not attempted
2014-01-07 12:52:01,675 DEBUG [FilterChainProxy] - /login.html reached end of additional filter chain; proceeding with original chain
2014-01-07 12:52:02,846 DEBUG [HttpSessionSecurityContextRepository] - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2014-01-07 12:52:02,846 DEBUG [ExceptionTranslationFilter] - Chain processed normally
2014-01-07 12:52:02,846 DEBUG [SecurityContextPersistenceFilter] - SecurityContextHolder now cleared, as request processing completed
2014-01-07 12:52:02,862 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/css/header.css'; against '/**/*.css'
2014-01-07 12:52:02,862 DEBUG [FilterChainProxy] - /resources/css/header.css has an empty filter list
2014-01-07 12:52:02,877 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/grid.locale-en.js'; against '/**/*.css'
2014-01-07 12:52:02,877 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/jquery-1.7.1.min.js'; against '/**/*.css'
2014-01-07 12:52:02,877 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/grid.locale-en.js'; against '/**/*.js'
2014-01-07 12:52:02,877 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/jquery-1.7.1.min.js'; against '/**/*.js'
2014-01-07 12:52:02,877 DEBUG [FilterChainProxy] - /resources/js/grid.locale-en.js has an empty filter list
2014-01-07 12:52:02,877 DEBUG [FilterChainProxy] - /resources/js/jquery-1.7.1.min.js has an empty filter list
2014-01-07 12:52:02,877 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/jquery.metadata.js'; against '/**/*.css'
2014-01-07 12:52:02,877 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/jquery.metadata.js'; against '/**/*.js'
2014-01-07 12:52:02,877 DEBUG [FilterChainProxy] - /resources/js/jquery.metadata.js has an empty filter list
2014-01-07 12:52:02,893 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/jquery.jqgrid.min.js'; against '/**/*.css'
2014-01-07 12:52:02,893 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/jquery.jqgrid.min.js'; against '/**/*.js'
2014-01-07 12:52:02,893 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/jquery.validate.min.js'; against '/**/*.css'
2014-01-07 12:52:02,893 DEBUG [FilterChainProxy] - /resources/js/jquery.jqGrid.min.js has an empty filter list
2014-01-07 12:52:02,893 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/jquery.validate.min.js'; against '/**/*.js'
2014-01-07 12:52:02,893 DEBUG [FilterChainProxy] - /resources/js/jquery.validate.min.js has an empty filter list
2014-01-07 12:52:02,909 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/messages.js'; against '/**/*.css'
2014-01-07 12:52:02,909 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/messages.js'; against '/**/*.js'
2014-01-07 12:52:02,909 DEBUG [FilterChainProxy] - /resources/js/messages.js has an empty filter list
2014-01-07 12:52:02,909 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/jquery.hotkeys-0.8.js'; against '/**/*.css'
2014-01-07 12:52:02,909 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/jquery.hotkeys-0.8.js'; against '/**/*.js'
2014-01-07 12:52:02,909 DEBUG [FilterChainProxy] - /resources/js/jquery.hotkeys-0.8.js has an empty filter list
2014-01-07 12:52:02,909 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/shortcut-keys.js'; against '/**/*.css'
2014-01-07 12:52:02,924 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/constants.js'; against '/**/*.css'
2014-01-07 12:52:02,924 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/validation.js'; against '/**/*.css'
2014-01-07 12:52:02,924 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/common.js'; against '/**/*.css'
2014-01-07 12:52:02,924 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/shortcut-keys.js'; against '/**/*.js'
2014-01-07 12:52:02,924 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/constants.js'; against '/**/*.js'
2014-01-07 12:52:02,924 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/validation.js'; against '/**/*.js'
2014-01-07 12:52:02,924 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/common.js'; against '/**/*.js'
2014-01-07 12:52:02,924 DEBUG [FilterChainProxy] - /resources/js/shortcut-Keys.js has an empty filter list
2014-01-07 12:52:02,924 DEBUG [FilterChainProxy] - /resources/js/validation.js has an empty filter list
2014-01-07 12:52:02,924 DEBUG [FilterChainProxy] - /resources/js/common.js has an empty filter list
2014-01-07 12:52:02,924 DEBUG [FilterChainProxy] - /resources/js/constants.js has an empty filter list
2014-01-07 12:52:02,924 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/pages/login.js'; against '/**/*.css'
2014-01-07 12:52:02,924 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/js/pages/login.js'; against '/**/*.js'
2014-01-07 12:52:02,924 DEBUG [FilterChainProxy] - /resources/js/pages/login.js has an empty filter list
2014-01-07 12:52:02,940 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/css/yaml/yaml/core/js/yaml-focusfix.js'; against '/**/*.css'
2014-01-07 12:52:02,940 DEBUG [AntPathRequestMatcher] - Checking match of request : '/resources/css/yaml/yaml/core/js/yaml-focusfix.js'; against '/**/*.js'
2014-01-07 12:52:02,940 DEBUG [FilterChainProxy] - /resources/css/yaml/yaml/core/js/yaml-focusfix.js has an empty filter list

2014-01-07 12:50:43362信息[SpringSecurityCoreVersion]-您正在运行SpringSecurity核心3.1.4.0版本
2014-01-07 12:50:43362信息[SecurityNamespaceHandler]-Spring安全“配置”模块版本为3.1.4.0版本
2014-01-07 12:50:43455信息[HttpSecurityBeanDefinitionParser]-检查排序的筛选器链：[根bean:class[org.springframework.security.web.context.SecurityContextPersistenceFilter]；scope=；abstract=false；lazyInit=false；autowireMode=0；dependencyCheck=0；autowireCandidate=true；primary=false；factoryBeanName=null；factoryMethodName=null；initMethodName=null；destroyMethodName=null，order=200，根bean:class[org.springframework.security.web.authentication.logout.LogoutFilter]；scope=；abstract=false；lazyInit=false；autowireMode=0；dependencyCheck=0；autowireCandidate=true；primary=false；factoryBeanName=null；factoryMethodName=null；initMethodName=null；destroyMethodName=null，order=400，order=800，根bean:class[org.springframework.security.web.authentication.www.BasicAuthenticationFilter]；scope=；abstract=false；lazyInit=false；autowireMode=0；dependencyCheck=0；autowireCandidate=true；primary=false；factoryBeanName=null；factoryMethodName=null；initMethodName=null；destroyMethodName=null，order=1200，根bean:class[org.springframework.security.web.savedRequestCacheAwareFilter]；scope=；abstract=false；lazyInit=false；autowireMode=0；dependencyCheck=0；autowireCandidate=true；primary=false；factoryBeanName=null；factoryMethodName=null；initMethodName=null；destroyMethodName=null，order=1300，根bean:class[org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter]；scope=；abstract=false；lazyInit=false；autowireMode=0；dependencyCheck=0；autowireCandidate=true；primary=false；factoryBeanName=null；factoryMethodName=null；initMethodName=null；destroyMethodName=null，order=1400，根bean:class[org.springframework.security.web.authentication.AnonymousAuthenticationFilter]；scope=；abstract=false；lazyInit=false；autowireMode=0；dependencyCheck=0；autowireCandidate=true；primary=false；factoryBeanName=null；factoryMethodName=null；initMethodName=null；destroyMethodName=null，order=1700，根bean:class[org.springframework.security.web.session.session.SessionManagementFilter]；scope=；abstract=false；lazyInit=false；autowireMode=0；dependencyCheck=0；autowireCandidate=true；primary=false；factoryBeanName=null；factoryMethodName=null；initMethodName=null；destroyMethodName=null，order=1800，根bean:class[org.springframework.security.web.access.ExceptionTranslationFilter]；scope=；abstract=false；lazyInit=false；autowireMode=0；dependencyCheck=0；autowireCandidate=true；primary=false；factoryBeanName=null；factoryMethodName=null；initMethodName=null；destroyMethodName=null，order=1900，order=2000]
2014-01-07 12:50:44236信息[DefaultSecurityFilterChain]-创建过滤器链：Ant[pattern='/***.css']，[]
2014-01-07 12:50:44283信息[DefaultSecurityFilterChain]-创建过滤器链：Ant[pattern='/***.js']，[]
2014-01-07 12:50:44283信息[DefaultSecurityFilterChain]-创建过滤器链：Ant[pattern='/***.png']，[]
2014-01-07 12:50:44283信息[DefaultSecurityFilterChain]-创建过滤器链：Ant[pattern='/***.jpg']，[]
2014-01-07 12:50:44283信息[DefaultSecurityFilterChain]-创建过滤器链：Ant[pattern='/***.gif']，[]
2014-01-07 12:50:44704调试
IS_AUTHENTICATED_ANONYMOUSLY

IS_AUTHENTICATED_ANONYMOUSLY,ROLE_LEVEL7

IS_AUTHENTICATED_ANONYMOUSLY

ROLE_ANONYMOUS,ROLE_LEVEL7

<servlet-mapping>
    <servlet-name>mvc-dispatcher</servlet-name>
    <url-pattern>*.htm</url-pattern>
</servlet-mapping>
<servlet-mapping>
    <servlet-name>mvc-dispatcher</servlet-name>
    <url-pattern>*.html</url-pattern>
</servlet-mapping>

<servlet-mapping>
    <servlet-name>mvc-dispatcher</servlet-name>
    <url-pattern>*.rep</url-pattern>
</servlet-mapping>