在使用Spring Security時,我們通常會允許任何使用者可進入登入頁面(例如login.jsp
),所以通常對/login.jsp
的存取權限設定如下。
<http>
<intercept-url pattern="/login.jsp" access="permitAll" />
...
</http>
但儘管access
已設為permitAll
了,但每次系統啟動時在console的log DEBUG訊息都會看到如下錯誤。
13:48:15.157 [http-nio-8080-exec-2] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
但根據官網的說明,這是正常現象所以不用擔心。
參考:
沒有留言:
張貼留言