public ConfigAttributeDefinition getAttributes(Object filter)
throws IllegalArgumentException {
// TODO Auto-generated method stub
FilterInvocation filterInvocation = (FilterInvocation) filter;
String requestURI = filterInvocation.getRequestUrl();
Map<String, String> urlAuthorities = this.getUrlAuthorities(filterInvocation);
String grantedAuthorities = null;
for(Iterator<Map.Entry<String, String>> iter = urlAuthorities.entrySet().iterator(); iter.hasNext();) {
Map.Entry<String, String> entry = iter.next();
String url = entry.getKey();
System.out.println(url + "*************************" + requestURI + "--" + urlMatcher.pathMatchesUrl(url, requestURI));
if(urlMatcher.pathMatchesUrl(url, requestURI)) {
grantedAuthorities = entry.getValue();
break;
}
}
if(grantedAuthorities != null) {
ConfigAttributeEditor configAttrEditor = new ConfigAttributeEditor();
configAttrEditor.setAsText(grantedAuthorities);
return (ConfigAttributeDefinition) configAttrEditor.getValue();
}
System.out.println("*****************************");
return null;
}这是对url的拦截 我的spring security拦截到了url 并且表示没权限 返回null 了 为什么界面还是跳转到了url上去了。这是配置问题 还是什么原因 在线等
<intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<!-- 自定义登陆界面以及登陆成功后跳转和登陆失败后的跳转 -->
<form-login login-page="/index.jsp"
authentication-failure-url="/login/login!test.action?error=true"
default-target-url="/login/login!login.action"
/>
</http>
这也没什么多余的配置