设置反向安全约束
我正在尝试向后设置安全约束。我想说的是,除了我指定的页面之外,所有页面都需要登录。我使用:
<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
但我不知道怎么说index.jsp不需要登录。
I am trying to set up security-constraints backwards. I want to say all pages need a login except for the ones I specify. I use:
<security-constraint>
<web-resource-collection>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
But I can't figure out how to say index.jsp doesn't need a login.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
简单的答案是,您无法使用 web.xml 来实现这一点(可以说是一件好事,因为安全机制最好保持尽可能简单)。正如 @Johan 所说,保护一些 url 模式,例如
/secure/*或/app/*并将所有页面放在那里。The simple answer is that you cannot achieve this using web.xml (arguably a good thing, since security mechanisms are best kept as simple as possible). As @Johan says, secure some url pattern such as
/secure/*or/app/*and put all your pages there.将所有安全页面放入
/secure并将安全过滤器配置为/secure/*,或者在过滤配置中创建排除项。以下示例基于 spring-security:Either put all secure pages
/secureand configure your security filter to/secure/*, or create an exclusion in your filtering config. The following sample is based on spring-security: