I'm trying to unsecure the /** pattern, but all my tries are in vain so far.
This is what I'm doing:
<security:intercept-url pattern="/**" filters="none" />
My configuration doesn't contain any more intercept-url definitions.
However after accessing any URL I still get redirected to the default entry point...
I debugged the Spring Security source and I can actually see the filters being loaded for the URL I'm trying to access. (FilterChainProxy line: 154, the filters list is full)
Any insight into why this happens and how to unsecure /** would be very appreciated.
I'm using 3.0.5.RELEASE
EDIT:
Security configuration:
<security:http auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint">
    <!-- dev --><security:intercept-url pattern="/**" filters="none" />
    <security:custom-filter position="FORM_LOGIN_FILTER" ref="absoluteUrlSsoFilter" />
</security:http>
<security:authentication-manager>
    <security:authentication-provider user-service-ref="ssoDetailsService" />
</security:authentication-manager>
This is the relevant part, I could also give you the bean definitions, but I doubt the problem is there.
Why configure Spring Security if you want to turn it off completely in the first place?
If you want it off in dev mode, why not put it in a separate XML file, not load that single file when in dev mode, and comment out the springSecurityFilterChain in web.xml? (The second one you can do with Maven resource processing.)
Or try some dummy entry before the /** matcher:
Still don't really get the reason why you would need the security fully configured and turned off at the same time.
At least in Grails, you could set the security setting to IS_AUTHENTICATED_ANONYMOUSLY. Since the Grails Spring Security plugin is based on Spring Security, I bet this would work.
No need to play with filters or anything.
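
The access-rule approach from the last answer, written against the configuration in the question (an added example, not part of the original posts). Bean names are the ones from the question; the two variants are alternatives and are not meant to sit in the same file.

```xml
<!-- Variant A: use-expressions="true" (as in the question).
     The access attribute is then a SpEL expression, so the
     catch-all rule is written as permitAll. -->
<security:http auto-config="false" use-expressions="true"
               entry-point-ref="loginUrlAuthenticationEntryPoint">
    <!-- dev only -->
    <security:intercept-url pattern="/**" access="permitAll" />
    <security:custom-filter position="FORM_LOGIN_FILTER" ref="absoluteUrlSsoFilter" />
</security:http>

<!-- Variant B: use-expressions left at its default (false).
     The access attribute is then a voter attribute, so the
     IS_AUTHENTICATED_ANONYMOUSLY token from the answer applies. -->
<security:http auto-config="false"
               entry-point-ref="loginUrlAuthenticationEntryPoint">
    <!-- dev only -->
    <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <security:custom-filter position="FORM_LOGIN_FILTER" ref="absoluteUrlSsoFilter" />
</security:http>
```

Unlike filters="none", both variants keep the filter chain in place for every request and change only the authorization decision, so the custom filter still runs. Keeping the catch-all rule in a file that is loaded only in dev mode, as the first answer suggests, stops it from reaching a production build.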