[英]Difference between access=“permitAll” and filters=“none”?
Here is a part from Spring Security petclinic example: 以下是Spring Security petclinic示例的一部分:
<http use-expressions="true">
<intercept-url pattern="/" access="permitAll"/>
<intercept-url pattern="/static/**" filters="none" />
<intercept-url pattern="/**" access="isAuthenticated()" />
<form-login />
<logout />
</http>
What is the difference between access="permitAll" and filters="none"? access =“permitAll”和filters =“none”之间有什么区别?
Url: http://static.springsource.org/spring-security/site/petclinic-tutorial.html 网址: http : //static.springsource.org/spring-security/site/petclinic-tutorial.html
The difference is that filters = "none"
disables Spring Security filters for the specified URLs, whereas access = "permitAll"
configures authorization without disabling filters. 不同之处在于filters = "none"
禁用指定URL的Spring Security过滤器,而access = "permitAll"
配置授权而不禁用过滤器。
In practice, filters = "none"
may cause problems when resources behind it require some functionality of Spring Security. 实际上,当其背后的资源需要Spring Security的某些功能时, filters = "none"
可能会导致问题。 For example, you can't use it for user registration page that performs programmatic login on submit ( User Granted Authorities are always : ROLE_ANONYMOUS? ). 例如,您不能将它用于在提交时执行程序化登录的用户注册页面( 用户授权的权限始终为:ROLE_ANONYMOUS? )。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.