Spring Security 3.0.5会话到期重定向

编程问答 2022-04-25

问题描述

| 我正在尝试实施配置,但是它从未将我重定向到我的login.html页面,有什么想法吗? 安全配置: 
<?xml version=\"1.0\" encoding=\"UTF-8\"?>
<beans:beans
    xmlns=\"http://www.springframework.org/schema/security\"
    xmlns:beans=\"http://www.springframework.org/schema/beans\"
    xmlns:util=\"http://www.springframework.org/schema/util\"
    xmlns:context=\"http://www.springframework.org/schema/context\"
    xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"
    xsi:schemaLocation=\"http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/util
    http://www.springframework.org/schema/util/spring-util-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.0.xsd
    http://www.springframework.org/schema/context
    http://www.springframework.org/schema/context/spring-context-3.0.xsd\">
    <context:annotation-config />
    <context:component-scan base-package=\"dc\" />
    <global-method-security />
    <http access-denied-page=\"/auth/denied.html\">
         <intercept-url filters=\"none\" pattern=\"/javax.faces.resource/**\" />
         <intercept-url filters=\"none\" pattern=\"/services/rest-api/1.0/**\" />
         <intercept-url filters=\"none\" pattern=\"/preregistered/*\"/>
         <intercept-url
            pattern=\"/**/*.xhtml\"
            access=\"ROLE_NONE_GETS_ACCESS\" />
         <intercept-url
            pattern=\"/auth/*\"
            access=\"ROLE_ANONYMOUS,ROLE_USER\"/>
         <intercept-url
            pattern=\"/preregistered/*\"
            access=\"ROLE_ANONYMOUS,ROLE_USER\"/>
         <intercept-url
            pattern=\"/registered/*\"
            access=\"ROLE_USER\"
            requires-channel=\"http\"/>
        <form-login
            login-processing-url=\"/j_spring_security_check.html\"
            login-page=\"/auth/login.html\"
            default-target-url=\"/registered/home.html\"
            authentication-failure-url=\"/auth/login.html\" />
         <logout invalidate-session=\"true\" 
              logout-url=\"/auth/logout.html\" 
              success-handler-ref=\"DClogoutSuccessHandler\"/>
        <anonymous username=\"guest\" granted-authority=\"ROLE_ANONYMOUS\"/>
        <custom-filter after=\"FORM_LOGIN_FILTER\" ref=\"xmlAuthenticationFilter\" />
        <session-management session-fixation-protection=\"none\"/>
    </http>
    <!-- Configure the authentication provider -->
    <authentication-manager alias=\"am\">
        <authentication-provider user-service-ref=\"userManager\">
                <password-encoder ref=\"passwordEncoder\" />
        </authentication-provider>
        <authentication-provider ref=\"xmlAuthenticationProvider\" />
    </authentication-manager>
</beans:beans>
    

解决方法

由于有很多问题 
filters=\"none\"
尝试 
access=\"IS_AUTHENTICATED_ANONYMOUSLY\"