我在我的项目中实现了这个安全过程: Spring Security 3 - MVC集成教程(第2部分).
我的问题是我需要将其转换为基于Ajax的登录.为了使这个XML适合只返回客户端的字符串/ JSON,我需要做什么?我知道问题可能在form-login标签中.
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<!-- This is where we configure Spring-Security -->
<http auto-config="true" use-expressions="true" access-denied-page="/Management/auth/denied" >
<intercept-url pattern="/Management/auth/login" access="permitAll"/>
<intercept-url pattern="/Management/main/admin" access="hasRole('ROLE_ADMIN')"/>
<intercept-url pattern="/Management/main/common" access="hasRole('ROLE_USER')"/>
<form-login
login-page="/Management/auth/login"
authentication-failure-url="/Management/auth/login?error=true"
default-target-url="/Management/main/common"/>
<logout
invalidate-session="true"
logout-success-url="/Management/auth/login"
logout-url="/Management/auth/logout"/>
</http>
<!-- Declare an authentication-manager to use a custom userDetailsService -->
<authentication-manager>
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder ref="passwordEncoder"/>
</authentication-provider>
</authentication-manager>
<!-- Use a Md5 encoder since the user's passwords are …我正在使用此链接配置安全性和spring-boot作为其他的基础.但Spring-boot提供的静态资源处理程序在安全设置之前执行.因此,如果我发送POST请求,静态内容处理程序会回应我不支持POST的方法.如果我请求GET方法,静态响应处理程序捕获它并尝试查找资源.因此,静态内容处理程序捕获的任何请求都不会转到安全筛选器.
如何禁用spring-boot提供的静态内容过滤器/处理程序?