無限循環，同時解決了攔截url春季安全

Question

春季安全我很新。我正在做下面的代碼。

<http auto-config="true" use-expressions="true"> 
     <intercept-url pattern="/css/**" filters="none" /> 
     <intercept-url pattern="/sign" access="isAnonymous()" /> 
     <intercept-url pattern="/signup" access="isAnonymous()" /> 
     <intercept-url pattern="/panel/signin" access="isAnonymous()" /> 
     <intercept-url pattern="/singout" access="permitAll" /> 
     <intercept-url pattern="/panel/**" access="hasRole(ROLE_USER)" /> 
     <intercept-url pattern="/**" access="isAuthenticated()" /> 
     <form-login login-page="/signin" default-target-url="/home" authentication-failure-url="/signin" /> 
     <logout logout-success-url="/logout" /> 
    </http> 

    <authentication-manager> 
      <authentication-provider user-service-ref="userLoginService"> 
       <password-encoder hash="plaintext"/> 
      </authentication-provider> 
     </authentication-manager> 

我想爲匿名用戶打開登錄，註冊，/ panel/sigin，/ panel/signup，但想限制其餘的url。但是當我使用這段代碼時，它會在瀏覽器上顯示「無限循環」錯誤。

當我刪除一行是 然後它很好，但沒有限制的網址。

可以通過一些正文來糾正這段代碼。

Answer 1

當您嘗試訪問一些安全的URL時，應用程序會將您重定向到登錄頁面，但由於/singin也是安全的（最後一個過濾器會拒絕它），應用程序會嘗試重複導向登錄頁面。

將<intercept-url pattern="/singin" filters="none" />或permitAll加到頂部。

<http auto-config="true" use-expressions="true"> 
     <intercept-url pattern="/singin" filters="none" /> 
     <intercept-url pattern="/css/**" filters="none" /> 
     <intercept-url pattern="/sign" access="isAnonymous()" /> 
     <intercept-url pattern="/signup" access="isAnonymous()" /> 
     <intercept-url pattern="/panel/signin" access="isAnonymous()" /> 
     <intercept-url pattern="/singout" access="permitAll" /> 
     <intercept-url pattern="/panel/**" access="hasRole(ROLE_USER)" /> 
     <intercept-url pattern="/**" access="isAuthenticated()" /> 
     <form-login login-page="/signin" default-target-url="/home" authentication-failure-url="/signin" /> 
     <logout logout-success-url="/logout" /> 
    </http>