I use spring-security to protect my network when I examine it using the spring-roo generated configuration file in applicationContext-security.xml, in the <http> node:
<intercept-url pattern="/userses?form" access="hasRole('ROLE_ADMIN')" />
This means that if you want to create a Users object, you first need to log in to get ADMIN permission. But actually it didnβt work. Check the log:
2012-05-06 11:39:11,250 [http-8088-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/userses'; against '/userses?form'
Does the structure use / userses instead of / userses? form for comparison, the authentication process is skipped because the string does not match. To test this, I will also try a different URL:
<intercept-url pattern="/userses/abc" access="hasRole('ROLE_ADMIN')" />
I asked / userses / abc, it found that the user was not logged in and went to the / login page, checked the log:
2012-05-06 11:46:44,343 [http-8088-7] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/uesrses/abc'; against '/userses/abc'
So my question is: does spring -secure 3 support "?" or did i miss something in config to support this? PS: All code is generated without changes, it is also surprising why it does not work.
source share