仅XML更改无法实现。下面为我工作
Spring-security.xml中的* 更改 *
<security:http use-expressions="true" authentication-manager-ref="authenticationManager"> <security:intercept-url pattern="/auth/**" access="hasAnyRole('ROLE_USER')" /> <security:form-login login-page="/login" authentication-success-handler-ref="loginSuccessHandler" authentication-failure-url="/login" login-processing-url="/j_spring_security_check" /> <security:logout invalidate-session="true" logout-url="/logout" success-handler-ref="logoutSuccessHandler" /> <security:csrf request-matcher-ref="csrfSecurityRequestMatcher" /></security:http>
CsrfSecurityRequestMatcher
public class CsrfSecurityRequestMatcher implements RequestMatcher { private Pattern allowedMethods = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$"); private RegexRequestMatcher unprotectedMatcher = new RegexRequestMatcher("/ext/**", null); @Override public boolean matches(HttpServletRequest request) { if(allowedMethods.matcher(request.getMethod()).matches()){ return false; } return !unprotectedMatcher.matches(request); }}
欢迎分享,转载请注明来源:内存溢出
评论列表(0条)