我使用Spring Security 3.2.4与基于java的配置.

重写的配置方法(在我的自定义配置类扩展WebSecurityConfigurerAdapter)中具有以下http块：

http
        .addFilterBefore(muiltpartFilter,ChannelProcessingFilter.class)
        .addFilterBefore(cf,ChannelProcessingFilter.class)
        .authorizeRequests()
            .anyRequest()
            .authenticated()
            .and()
        .authorizeRequests()
            .antMatchers("/ping**")
            .permitAll()
            .and()
        .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
        .logout()
            .logoutUrl("/logout")
        .logoutSuccessUrl("/login");

ping请求处理程序和方法在一个还包含登录处理程序的控制器中,并且没有单独的@PreAuthorize或其他可能导致问题的注释.

问题是匿名访问被拒绝,用户被重定向到登录页面.

在调试级别登录时,我会看到Spring Security提供的以下反馈信息：

[2014-07-11 13:18:04,483] [DEBUG] [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] Secure object: FilterInvocation: URL: /ping; Attributes: [authenticated]
[2014-07-11 13:18:04,483] [DEBUG] [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] PrevIoUsly Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6faad796: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffffa64e: RemoteIpAddress: 192.168.2.128; SessionId: 0EF6B13BBA5F00C020FF9C35A6E3FBA9; Granted Authorities: ROLE_ANONYMOUS
[2014-07-11 13:18:04,483] [DEBUG] [org.springframework.security.access.Vote.AffirmativeBased] Voter: org.springframework.security.web.access.expression.WebExpressionVoter@123f2882,returned: -1
[2014-07-11 13:18:04,483] [DEBUG] [org.springframework.security.web.access.ExceptionTranslationFilter] Access is denied (user is anonymous); redirecting to authentication entry point

我想要完成的是具有可以在任何时候调用的方法,并且将发送一个回复,指示请求是否在登录的会话内.