|
|
|
|
@ -259,7 +259,22 @@
@@ -259,7 +259,22 @@
|
|
|
|
|
attributes such as <literal>requires-channel</literal>, so you will not be able to access |
|
|
|
|
information on the current user or call secured methods during the request. Use |
|
|
|
|
<literal>access='IS_AUTHENTICATED_ANONYMOUSLY'</literal> as an alternative if you still |
|
|
|
|
want the security filter chain to be applied.</para> |
|
|
|
|
want the security filter chain to be applied. |
|
|
|
|
<note> |
|
|
|
|
<para>Using <literal>filters="none"</literal> operates by creating an empty filter |
|
|
|
|
chain in Spring Security's <classname>FilterChainProxy</classname>, whereas |
|
|
|
|
the access attributes are used to configure the |
|
|
|
|
<classname>FilterSecurityInterceptor</classname> in the single filter chain |
|
|
|
|
which is created by the namespace configuration. The two are applied |
|
|
|
|
independently, so if you have an access contraint for a sub-pattern of a |
|
|
|
|
pattern which has a <literal>filters="none"</literal> attribute, the access |
|
|
|
|
constraint will be ignored, even if it is listed first. It isn't possible to |
|
|
|
|
apply a <literal>filters="none"</literal> attribute to the pattern |
|
|
|
|
<literal>/**</literal> since this is used by the namespace filter chain. In |
|
|
|
|
version 3.1 things are more flexible. You can define multiple filter chains |
|
|
|
|
and the <literal>filters</literal> attribute is no longer supported.</para> |
|
|
|
|
</note> |
|
|
|
|
</para> |
|
|
|
|
<para>If you want to use basic authentication instead of form login, then change the |
|
|
|
|
configuration to <programlisting language="xml"><
Luke Taylor
15 years ago