快速訪問在登錄頁面

被拒絕我使用Spring Security的3 JSF 2個ICEFaces的2 和我配置我的應用程序如下：快速訪問在登錄頁面

所有的頁面已經被保護（需要身份驗證），除了登錄。
登錄頁面未經過濾，所以任何用戶都可以訪問它。

問題：試圖運行應用程序時，用戶被重定向到主頁，但他沒有，所以他的重定向到登錄頁面，頁面加載罰款記錄，我用彈簧安全調試模式，所以我可以看到訪問被拒絕的異常。

這裏是我的代碼：

<beans:beans xmlns="http://www.springframework.org/schema/security" 
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation="http://www.springframework.org/schema/beans 
     http://www.springframework.org/schema/beans/spring-beans-3.1.xsd 
     http://www.springframework.org/schema/security 
     http://www.springframework.org/schema/security/spring-security-3.0.4.xsd"> 


    <global-method-security pre-post-annotations="enabled" /> 

    <!-- key configuration here is an entry point to be used by security intercepts --> 
    <http use-expressions="true" auto-config="false"> 

    <session-management session-fixation-protection="none"/> 

    <remember-me token-validity-seconds="1209600"/> 

    <!-- Exclude the login page from the security check --> 
    <intercept-url pattern="/faces/login.xhtml" access="permitAll"/> 

    <!-- All pages requires authentication (not anonymous user) --> 
    <intercept-url pattern="/faces/**" access="isAuthenticated()" /> 

    <intercept-url pattern="/images/**" filters="none" /> 
    <intercept-url pattern="/scripts/**" filters="none" /> 
    <intercept-url pattern="/css/**" filters="none" /> 

    <!-- Returns true if the user is not anonymous --> 


    <access-denied-handler error-page="/error"/> 

    <form-login default-target-url="/users" 
    always-use-default-target="true"    
     login-processing-url="/j_spring_security_check"   
     login-page="/faces/login.xhtml" 
     authentication-failure-url="/login?login_error=1"                
    /> 

    <logout logout-url="/logout" logout-success-url="/login" />  
</http> 

<authentication-manager alias="authenticationManager">   
<authentication-provider user-service-ref="userDetailsServiceImpl"> 
</authentication-provider> 
</authentication-manager> 


</beans:beans>

和這裏的調試：

DEBUG [http-8080-5] (FilterChainProxy.java:202) - Candidate is: '/faces/login.xhtml'; pattern is /css/**; matched=false 
DEBUG [http-8080-5] (FilterChainProxy.java:195) - Converted URL to lowercase, from: '/faces/login.xhtml'; to: '/faces/login.xhtml' 
DEBUG [http-8080-5] (FilterChainProxy.java:202) - Candidate is: '/faces/login.xhtml'; pattern is /**; matched=true 
DEBUG [http-8080-5] (FilterChainProxy.java:375) - /faces/login.xhtml at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
DEBUG [http-8080-5] (HttpSessionSecurityContextRepository.java:142) - HttpSession returned null object for SPRING_SECURITY_CONTEXT 
DEBUG [http-8080-5] (HttpSessionSecurityContextRepository.java:88) - No SecurityContext was available from the HttpSession: [email protected] A new one will be created. 
DEBUG [http-8080-5] (FilterChainProxy.java:375) - /faces/login.xhtml at position 2 of 9 in additional filter chain; firing Filter: 'LogoutFilter' 
DEBUG [http-8080-5] (FilterChainProxy.java:375) - /faces/login.xhtml at position 3 of 9 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 
DEBUG [http-8080-5] (FilterChainProxy.java:375) - /faces/login.xhtml at position 4 of 9 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
DEBUG [http-8080-5] (DefaultSavedRequest.java:336) - pathInfo: arg1=/javax.faces.resource/compat.js; arg2=/login.xhtml (property not equals) 
DEBUG [http-8080-5] (HttpSessionRequestCache.java:72) - saved request doesn't match 
DEBUG [http-8080-5] (FilterChainProxy.java:375) - /faces/login.xhtml at position 5 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
DEBUG [http-8080-5] (FilterChainProxy.java:375) - /faces/login.xhtml at position 6 of 9 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter' 
DEBUG [http-8080-5] (FilterChainProxy.java:375) - /faces/login.xhtml at position 7 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
DEBUG [http-8080-5] (AnonymousAuthenticationFilter.java:67) - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]9057bc48: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]2cd90: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: A5721C800637CFCD4F6EF9E512468F64; Granted Authorities: ROLE_ANONYMOUS' 
DEBUG [http-8080-5] (FilterChainProxy.java:375) - /faces/login.xhtml at position 8 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
DEBUG [http-8080-5] (FilterChainProxy.java:375) - /faces/login.xhtml at position 9 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
DEBUG [http-8080-5] (DefaultFilterInvocationSecurityMetadataSource.java:173) - Converted URL to lowercase, from: '/faces/login.xhtml'; to: '/faces/login.xhtml' 
DEBUG [http-8080-5] (DefaultFilterInvocationSecurityMetadataSource.java:200) - Candidate is: '/faces/login.xhtml'; pattern is /faces/login.xhtml; matched=true 
DEBUG [http-8080-5] (AbstractSecurityInterceptor.java:191) - Secure object: FilterInvocation: URL: /faces/login.xhtml; Attributes: [permitAll] 
DEBUG [http-8080-5] (AbstractSecurityInterceptor.java:292) - Previously Authenticated: org.sprin[email protected]9057bc48: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]2cd90: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: A5721C800637CFCD4F6EF9E512468F64; Granted Authorities: ROLE_ANONYMOUS 
DEBUG [http-8080-5] (AffirmativeBased.java:53) - Voter: org.sp[email protected]20688e91, returned: 1 
DEBUG [http-8080-5] (AbstractSecurityInterceptor.java:213) - Authorization successful 
DEBUG [http-8080-5] (AbstractSecurityInterceptor.java:223) - RunAsManager did not change Authentication object 
DEBUG [http-8080-5] (FilterChainProxy.java:362) - /faces/login.xhtml reached end of additional filter chain; proceeding with original chain 
DEBUG [http-8080-5] (ExceptionTranslationFilter.java:100) - Chain processed normally 
DEBUG [http-8080-5] (HttpSessionSecurityContextRepository.java:338) - SecurityContext is empty or anonymous - context will not be stored in HttpSession. 
DEBUG [http-8080-5] (SecurityContextPersistenceFilter.java:89) - SecurityContextHolder now cleared, as request processing completed 
DEBUG [http-8080-5] (FilterChainProxy.java:195) - Converted URL to lowercase, from: '/faces/login.xhtml'; to: '/faces/login.xhtml' 
DEBUG [http-8080-2] (FilterChainProxy.java:195) - Converted URL to lowercase, from: '/faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css'; to: '/faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css' 
DEBUG [http-8080-5] (FilterChainProxy.java:202) - Candidate is: '/faces/login.xhtml'; pattern is /images/**; matched=false 
DEBUG [http-8080-3] (FilterChainProxy.java:195) - Converted URL to lowercase, from: '/faces/javax.faces.resource/combined.css'; to: '/faces/javax.faces.resource/combined.css' 
DEBUG [http-8080-5] (FilterChainProxy.java:195) - Converted URL to lowercase, from: '/faces/login.xhtml'; to: '/faces/login.xhtml' 
DEBUG [http-8080-2] (FilterChainProxy.java:202) - Candidate is: '/faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css'; pattern is /images/**; matched=false 
DEBUG [http-8080-5] (FilterChainProxy.java:202) - Candidate is: '/faces/login.xhtml'; pattern is /scripts/**; matched=false 
DEBUG [http-8080-3] (FilterChainProxy.java:202) - Candidate is: '/faces/javax.faces.resource/combined.css'; pattern is /images/**; matched=false 
DEBUG [http-8080-5] (FilterChainProxy.java:195) - Converted URL to lowercase, from: '/faces/login.xhtml'; to: '/faces/login.xhtml' 
DEBUG [http-8080-2] (FilterChainProxy.java:195) - Converted URL to lowercase, from: '/faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css'; to: '/faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css' 
DEBUG [http-8080-5] (FilterChainProxy.java:202) - Candidate is: '/faces/login.xhtml'; pattern is /css/**; matched=false 
DEBUG [http-8080-3] (FilterChainProxy.java:195) - Converted URL to lowercase, from: '/faces/javax.faces.resource/combined.css'; to: '/faces/javax.faces.resource/combined.css' 
DEBUG [http-8080-5] (FilterChainProxy.java:195) - Converted URL to lowercase, from: '/faces/login.xhtml'; to: '/faces/login.xhtml' 
DEBUG [http-8080-2] (FilterChainProxy.java:202) - Candidate is: '/faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css'; pattern is /scripts/**; matched=false 
DEBUG [http-8080-5] (FilterChainProxy.java:202) - Candidate is: '/faces/login.xhtml'; pattern is /**; matched=true 
DEBUG [http-8080-3] (FilterChainProxy.java:202) - Candidate is: '/faces/javax.faces.resource/combined.css'; pattern is /scripts/**; matched=false 
DEBUG [http-8080-5] (FilterChainProxy.java:375) - /faces/login.xhtml at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
DEBUG [http-8080-2] (FilterChainProxy.java:195) - Converted URL to lowercase, from: '/faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css'; to: '/faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css' 
DEBUG [http-8080-5] (HttpSessionSecurityContextRepository.java:142) - HttpSession returned null object for SPRING_SECURITY_CONTEXT 
DEBUG [http-8080-3] (FilterChainProxy.java:195) - Converted URL to lowercase, from: '/faces/javax.faces.resource/combined.css'; to: '/faces/javax.faces.resource/combined.css' 
DEBUG [http-8080-5] (HttpSessionSecurityContextRepository.java:88) - No SecurityContext was available from the HttpSession: [email protected] A new one will be created. 
DEBUG [http-8080-2] (FilterChainProxy.java:202) - Candidate is: '/faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css'; pattern is /css/**; matched=false 
DEBUG [http-8080-5] (FilterChainProxy.java:375) - /faces/login.xhtml at position 2 of 9 in additional filter chain; firing Filter: 'LogoutFilter' 
DEBUG [http-8080-3] (FilterChainProxy.java:202) - Candidate is: '/faces/javax.faces.resource/combined.css'; pattern is /css/**; matched=false 
DEBUG [http-8080-5] (FilterChainProxy.java:375) - /faces/login.xhtml at position 3 of 9 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 
DEBUG [http-8080-2] (FilterChainProxy.java:195) - Converted URL to lowercase, from: '/faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css'; to: '/faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css' 
DEBUG [http-8080-5] (FilterChainProxy.java:375) - /faces/login.xhtml at position 4 of 9 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
DEBUG [http-8080-3] (FilterChainProxy.java:195) - Converted URL to lowercase, from: '/faces/javax.faces.resource/combined.css'; to: '/faces/javax.faces.resource/combined.css' 
DEBUG [http-8080-5] (DefaultSavedRequest.java:336) - pathInfo: arg1=/javax.faces.resource/compat.js; arg2=/login.xhtml (property not equals) 
DEBUG [http-8080-2] (FilterChainProxy.java:202) - Candidate is: '/faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css'; pattern is /**; matched=true 
DEBUG [http-8080-5] (HttpSessionRequestCache.java:72) - saved request doesn't match 
DEBUG [http-8080-3] (FilterChainProxy.java:202) - Candidate is: '/faces/javax.faces.resource/combined.css'; pattern is /**; matched=true 
DEBUG [http-8080-5] (FilterChainProxy.java:375) - /faces/login.xhtml at position 5 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
DEBUG [http-8080-2] (FilterChainProxy.java:375) - /faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css?ln=yui/2in3 at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
DEBUG [http-8080-5] (FilterChainProxy.java:375) - /faces/login.xhtml at position 6 of 9 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter' 
DEBUG [http-8080-3] (FilterChainProxy.java:375) - /faces/javax.faces.resource/combined.css?ln=org.icefaces.component.util at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter' 
DEBUG [http-8080-5] (FilterChainProxy.java:375) - /faces/login.xhtml at position 7 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
DEBUG [http-8080-2] (HttpSessionSecurityContextRepository.java:142) - HttpSession returned null object for SPRING_SECURITY_CONTEXT 
DEBUG [http-8080-5] (AnonymousAuthenticationFilter.java:67) - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]9057bc48: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]2cd90: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: A5721C800637CFCD4F6EF9E512468F64; Granted Authorities: ROLE_ANONYMOUS' 
DEBUG [http-8080-3] (HttpSessionSecurityContextRepository.java:142) - HttpSession returned null object for SPRING_SECURITY_CONTEXT 
DEBUG [http-8080-5] (FilterChainProxy.java:375) - /faces/login.xhtml at position 8 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
DEBUG [http-8080-5] (FilterChainProxy.java:375) - /faces/login.xhtml at position 9 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
DEBUG [http-8080-2] (HttpSessionSecurityContextRepository.java:88) - No SecurityContext was available from the HttpSession: [email protected] A new one will be created. 
DEBUG [http-8080-5] (DefaultFilterInvocationSecurityMetadataSource.java:173) - Converted URL to lowercase, from: '/faces/login.xhtml'; to: '/faces/login.xhtml' 
DEBUG [http-8080-3] (HttpSessionSecurityContextRepository.java:88) - No SecurityContext was available from the HttpSession: [email protected] A new one will be created. 
DEBUG [http-8080-5] (DefaultFilterInvocationSecurityMetadataSource.java:200) - Candidate is: '/faces/login.xhtml'; pattern is /faces/login.xhtml; matched=true 
DEBUG [http-8080-2] (FilterChainProxy.java:375) - /faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css?ln=yui/2in3 at position 2 of 9 in additional filter chain; firing Filter: 'LogoutFilter' 
DEBUG [http-8080-5] (AbstractSecurityInterceptor.java:191) - Secure object: FilterInvocation: URL: /faces/login.xhtml; Attributes: [permitAll] 
DEBUG [http-8080-3] (FilterChainProxy.java:375) - /faces/javax.faces.resource/combined.css?ln=org.icefaces.component.util at position 2 of 9 in additional filter chain; firing Filter: 'LogoutFilter' 
DEBUG [http-8080-5] (AbstractSecurityInterceptor.java:292) - Previously Authenticated: org.sprin[email protected]9057bc48: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]2cd90: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: A5721C800637CFCD4F6EF9E512468F64; Granted Authorities: ROLE_ANONYMOUS 
DEBUG [http-8080-2] (FilterChainProxy.java:375) - /faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css?ln=yui/2in3 at position 3 of 9 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 
DEBUG [http-8080-5] (AffirmativeBased.java:53) - Voter: org.sp[email protected]20688e91, returned: 1 
DEBUG [http-8080-3] (FilterChainProxy.java:375) - /faces/javax.faces.resource/combined.css?ln=org.icefaces.component.util at position 3 of 9 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter' 
DEBUG [http-8080-5] (AbstractSecurityInterceptor.java:213) - Authorization successful 
DEBUG [http-8080-2] (FilterChainProxy.java:375) - /faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css?ln=yui/2in3 at position 4 of 9 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
DEBUG [http-8080-5] (AbstractSecurityInterceptor.java:223) - RunAsManager did not change Authentication object 
DEBUG [http-8080-3] (FilterChainProxy.java:375) - /faces/javax.faces.resource/combined.css?ln=org.icefaces.component.util at position 4 of 9 in additional filter chain; firing Filter: 'RequestCacheAwareFilter' 
DEBUG [http-8080-5] (FilterChainProxy.java:362) - /faces/login.xhtml reached end of additional filter chain; proceeding with original chain 
DEBUG [http-8080-2] (DefaultSavedRequest.java:336) - pathInfo: arg1=/javax.faces.resource/compat.js; arg2=/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css (property not equals) 
DEBUG [http-8080-2] (HttpSessionRequestCache.java:72) - saved request doesn't match 
DEBUG [http-8080-3] (DefaultSavedRequest.java:336) - pathInfo: arg1=/javax.faces.resource/compat.js; arg2=/javax.faces.resource/combined.css (property not equals) 
DEBUG [http-8080-3] (HttpSessionRequestCache.java:72) - saved request doesn't match 
DEBUG [http-8080-2] (FilterChainProxy.java:375) - /faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css?ln=yui/2in3 at position 5 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
DEBUG [http-8080-3] (FilterChainProxy.java:375) - /faces/javax.faces.resource/combined.css?ln=org.icefaces.component.util at position 5 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter' 
DEBUG [http-8080-2] (FilterChainProxy.java:375) - /faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css?ln=yui/2in3 at position 6 of 9 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter' 
DEBUG [http-8080-3] (FilterChainProxy.java:375) - /faces/javax.faces.resource/combined.css?ln=org.icefaces.component.util at position 6 of 9 in additional filter chain; firing Filter: 'RememberMeAuthenticationFilter' 
DEBUG [http-8080-2] (FilterChainProxy.java:375) - /faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css?ln=yui/2in3 at position 7 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
DEBUG [http-8080-3] (FilterChainProxy.java:375) - /faces/javax.faces.resource/combined.css?ln=org.icefaces.component.util at position 7 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter' 
DEBUG [http-8080-2] (AnonymousAuthenticationFilter.java:67) - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]9057bc48: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]2cd90: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: A5721C800637CFCD4F6EF9E512468F64; Granted Authorities: ROLE_ANONYMOUS' 
DEBUG [http-8080-2] (FilterChainProxy.java:375) - /faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css?ln=yui/2in3 at position 8 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
DEBUG [http-8080-2] (FilterChainProxy.java:375) - /faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css?ln=yui/2in3 at position 9 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
DEBUG [http-8080-3] (AnonymousAuthenticationFilter.java:67) - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]9057bc48: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]2cd90: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: A5721C800637CFCD4F6EF9E512468F64; Granted Authorities: ROLE_ANONYMOUS' 
DEBUG [http-8080-2] (DefaultFilterInvocationSecurityMetadataSource.java:173) - Converted URL to lowercase, from: '/faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css'; to: '/faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css' 
DEBUG [http-8080-3] (FilterChainProxy.java:375) - /faces/javax.faces.resource/combined.css?ln=org.icefaces.component.util at position 8 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter' 
DEBUG [http-8080-2] (DefaultFilterInvocationSecurityMetadataSource.java:200) - Candidate is: '/faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css'; pattern is /faces/login.xhtml; matched=false 
DEBUG [http-8080-3] (FilterChainProxy.java:375) - /faces/javax.faces.resource/combined.css?ln=org.icefaces.component.util at position 9 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor' 
DEBUG [http-8080-2] (DefaultFilterInvocationSecurityMetadataSource.java:200) - Candidate is: '/faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css'; pattern is /faces/**; matched=true 
DEBUG [http-8080-3] (DefaultFilterInvocationSecurityMetadataSource.java:173) - Converted URL to lowercase, from: '/faces/javax.faces.resource/combined.css'; to: '/faces/javax.faces.resource/combined.css' 
DEBUG [http-8080-2] (AbstractSecurityInterceptor.java:191) - Secure object: FilterInvocation: URL: /faces/javax.faces.resource/yui2-skin-sam-button/assets/button-core.css?ln=yui/2in3; Attributes: [isAuthenticated()] 
DEBUG [http-8080-3] (DefaultFilterInvocationSecurityMetadataSource.java:200) - Candidate is: '/faces/javax.faces.resource/combined.css'; pattern is /faces/login.xhtml; matched=false 
DEBUG [http-8080-3] (DefaultFilterInvocationSecurityMetadataSource.java:200) - Candidate is: '/faces/javax.faces.resource/combined.css'; pattern is /faces/**; matched=true 
DEBUG [http-8080-3] (AbstractSecurityInterceptor.java:191) - Secure object: FilterInvocation: URL: /faces/javax.faces.resource/combined.css?ln=org.icefaces.component.util; Attributes: [isAuthenticated()] 
DEBUG [http-8080-3] (AbstractSecurityInterceptor.java:292) - Previously Authenticated: org.sprin[email protected]9057bc48: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]2cd90: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: A5721C800637CFCD4F6EF9E512468F64; Granted Authorities: ROLE_ANONYMOUS 
DEBUG [http-8080-3] (AffirmativeBased.java:53) - Voter: org.sp[email protected]20688e91, returned: -1 
DEBUG [http-8080-3] (ExceptionTranslationFilter.java:153) - Access is denied (user is anonymous); redirecting to authentication entry point 
org.springframework.security.access.AccessDeniedException: Access is denied 
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71) 
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:203) 
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106) 
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:112) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79) 
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:169) 
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) 
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) 
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) 
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) 
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) 
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) 
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) 
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) 
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) 
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:291) 
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859) 
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602) 
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) 
    at java.lang.Thread.run(Thread.java:619)

來源

2011-10-13 Mahmoud Saleh

你必須定義登錄頁面本身是沒有登錄訪問。

<security:intercept-url pattern="/faces/login.xhtml" access="permitAll" />

，並把這個前行「一網打盡」行：

<intercept-url pattern="/faces/**" access="isAuthenticated()" />

參考文件說的網址以相同的順序相匹配的聲明！

差異access和filter之間的屬性 - 你需要knwo春天的安全性有一個完整的過濾器鏈，而accessDesisionFilter只是其中之一。（這完全過濾器鏈由<security:http auto="true">

使用過濾器=「無」創造了Spring Security的FilterChainProxy一個空的過濾器鏈工作啓動，而訪問屬性來配置FilterSecurityInterceptor中是唯一的過濾器鏈這兩者是獨立應用的，所以如果你對一個具有filters =「none」屬性的模式的子模式有一個訪問限制，訪問約束將被忽略，即使它被首先列出。因爲這被命名空間過濾器鏈使用，所以不可能對模式/ **應用一個filters =「none」屬性，在3.1版中事情更加靈活，你可以定義多個過濾器鏈，並且filters屬性是不再支持。

來源

2011-10-13 10:37:24 Ralph

我看到一些示例也使用了以下標記：''這是什麼意思？ –

這意味着根沒有任何限制 - 但是您的問題會成爲訂單。抓住所有必須是最後！ – Ralph

添加上述更改後，我仍然收到該死的異常，調試添加到原始帖子。 –

快速訪問在登錄頁面

回答

相關問題