Spring Security: in 3.1, for 'GET' requests only


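I want my service to perform authentication only on incoming POST/PUT/DELETE requests and to bypass it for any GET request. Spring versions earlier than 3.1 had the filters="none" attribute, which could be used to bypass all security filters for a specific URL pattern. In 3.1, filters="none" is deprecated, and the alternative is to use the security="none" attribute on the http element. That does not support configuration based on the incoming request type (GET/PUT/POST/DELETE).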

I am using Spring 3.1.1, and my current configuration is as follows:

<!-- Just un-comment any resource if you don't want authentication to be done on them -->
<http pattern="/base/version" security="none"/>

<!-- Secure resources -->
<http create-session='stateless' entry-point-ref="tokenAuthenticationEntryPoint">
  <custom-filter position="PRE_AUTH_FILTER" ref="tokenAuthenticationFilter" />
  <intercept-url pattern="/v1/abc/**" method="GET" filters="none"/>  <!-- This doesn't work currently -->
  <intercept-url pattern="/v1/abc/**" method="POST" access="ROLE_USER"/>
  <intercept-url pattern="/v1/abc/**" method="PUT" access="ROLE_USER"/>
  <intercept-url pattern="/v1/abc/**" method="DELETE" access="ROLE_USER"/>
  <intercept-url pattern="/**" access="ROLE_USER" />
</http>


How can I bypass the security filters for pattern="/v1/abc/**" method="GET" in Spring 3.1?

I found a way to solve the problem: using expression-based access control, I used access="permitAll", which configures authorization without disabling the filters.

<!-- Just un-comment any resource if you don't want authentication to be done on them -->
<http pattern="/base/version" security="none"/>

<!-- Secure resources -->
<http create-session='stateless' entry-point-ref="tokenAuthenticationEntryPoint" use-expressions="true">
  <custom-filter position="PRE_AUTH_FILTER" ref="tokenAuthenticationFilter" />
  <intercept-url pattern="/v1/abc/**" method="GET" access="permitAll"/>
  <intercept-url pattern="/v1/abc/**" method="POST" access="hasRole('ROLE_USER')"/>
  <intercept-url pattern="/v1/abc/**" method="PUT" access="hasRole('ROLE_USER')"/>
  <intercept-url pattern="/v1/abc/**" method="DELETE" access="hasRole('ROLE_USER')"/>
  <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
</http>
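
Because access="permitAll" leaves the filter chain in place, the custom token filter still runs on GET requests, so it has to pass requests without a token through and leave the allow/deny decision to the intercept-url rules. A sketch of such a filter, added here as an example and not the poster's own code; the X-Auth-Token header name and the TokenVerifier interface are assumptions:

```java
import java.io.IOException;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.GenericFilterBean;

public class TokenAuthenticationFilter extends GenericFilterBean {

    /** Hypothetical token lookup: returns the user name, or null if the token is invalid. */
    public interface TokenVerifier {
        String usernameFor(String token);
    }

    private final TokenVerifier verifier;

    public TokenAuthenticationFilter(TokenVerifier verifier) {
        this.verifier = verifier;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Assumed header name; use whatever the service actually defines.
        String token = ((HttpServletRequest) req).getHeader("X-Auth-Token");
        String user = (token == null) ? null : verifier.usernameFor(token);

        if (user != null) {
            // Valid token: populate the context so hasRole('ROLE_USER') can succeed.
            Authentication auth = new UsernamePasswordAuthenticationToken(
                    user, null, AuthorityUtils.createAuthorityList("ROLE_USER"));
            SecurityContextHolder.getContext().setAuthentication(auth);
        }
        // Missing or invalid token: do NOT reject here. The request continues
        // unauthenticated; permitAll lets GET /v1/abc/** through, while the
        // hasRole rules send every other request to the entry point.
        chain.doFilter(req, res);
    }
}
```

With this split, any method not listed for /v1/abc/** (HEAD, OPTIONS and so on) falls through to the final /** rule and still requires ROLE_USER.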