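Spring Security does not intercept requests
While configuring Spring Security I ran into a problem. I want to use the Struts2 request /admin/admin!login.do as the login page and redirect to /admin/admin!main.do after a successful login. I use Spring Security for authentication. My web.xml is as follows: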
- XML code
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
    xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_5.xsd">

    <!-- Prevent the session from closing before Hibernate lazy loading: begin -->
    <filter>
        <filter-name>OpenSessionInViewFilter</filter-name>
        <filter-class>
            org.springframework.orm.hibernate3.support.OpenSessionInViewFilter
        </filter-class>
    </filter>
    <!-- Prevent the session from closing before Hibernate lazy loading: end -->

    <!-- Spring Begin -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:spring.xml</param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <!-- Spring End -->

    <!-- Spring Security filter: begin -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <!-- Spring Security filter: end -->

    <!-- Struts Begin -->
    <filter>
        <filter-name>struts2</filter-name>
        <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
    </filter>
    <!-- Struts End -->

    <!-- Page cache filter (for oscache): begin -->
    <filter>
        <filter-name>cacheFilter</filter-name>
        <filter-class>com.opensymphony.oscache.web.filter.CacheFilter</filter-class>
        <init-param>
            <param-name>time</param-name>
            <param-value>3600</param-value>
        </init-param>
        <init-param>
            <param-name>scope</param-name>
            <param-value>application</param-value>
        </init-param>
    </filter>
    <!-- Page cache filter (for oscache): end -->

    <!-- oscache cache (tag library): begin -->
    <taglib>
        <taglib-uri>oscache</taglib-uri>
        <taglib-location>/WEB-INF/classes/oscache.tld</taglib-location>
    </taglib>
    <!-- oscache cache (tag library): end -->

    <!-- Prevent the session from closing before Hibernate lazy loading (URL): begin -->
    <filter-mapping>
        <filter-name>OpenSessionInViewFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- Prevent the session from closing before Hibernate lazy loading (URL): end -->

    <!-- Spring Security (URL): begin -->
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/admin/*</url-pattern>
    </filter-mapping>
    <!-- Spring Security (URL): end -->

    <!-- Struts2 filter (URL): begin -->
    <filter-mapping>
        <filter-name>struts2</filter-name>
        <url-pattern>*.do</url-pattern>
    </filter-mapping>
    <!-- Struts2 filter (URL): end -->

    <!-- JSPSupportServlet configuration: begin -->
    <servlet>
        <servlet-name>JSPSupportServlet</servlet-name>
        <servlet-class>org.apache.struts2.views.JspSupportServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <!-- JSPSupportServlet configuration: end -->

    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
</web-app>
The Security-related part of my Spring configuration file is as follows:
- XML code
<sec:http auto-config="true"
          access-decision-manager-ref="accessDecisionManager"
          servlet-api-provision="false">
    <sec:intercept-url pattern="/admin/admin!login.do" filters="none" />
    <sec:form-login login-page="/admin/admin!login.do"
                    login-processing-url="/admin/loginVerify"
                    default-target-url="/admin/admin!main.do"
                    authentication-failure-url="/admin/admin!login.do"
                    always-use-default-target="true" />
    <sec:logout invalidate-session="true"
                logout-success-url="/admin/admin!login.do"
                logout-url="/admin/logout" />
</sec:http>

<!-- Back-office admin authentication -->
<sec:authentication-provider user-service-ref="adminDetailsServiceImpl">
</sec:authentication-provider>
<sec:authentication-manager alias="authenticationManager" />

<!-- Define the mapping between permissions and resources -->
<bean id="filterSecurityInterceptor"
      class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
    <sec:custom-filter before="FILTER_SECURITY_INTERCEPTOR" />
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="accessDecisionManager" ref="accessDecisionManager" />
    <property name="objectDefinitionSource" ref="adminSecurityDefinitionSource" />
</bean>

<bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
    <property name="decisionVoters">
        <list>
            <bean class="org.springframework.security.vote.RoleVoter" />
            <bean class="org.springframework.security.vote.AuthenticatedVoter" />
        </list>
    </property>
</bean>
With the configuration above in place, the project starts. The problem is that when I access /admin/admin!main.do directly, it is still accessible; Security does not seem to intercept my request. Normally, accessing /admin/admin!main.do directly should redirect to an error page, so why can I access it directly?
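[Solution]
I have already solved this problem. You are adapting shopxx too, right? Haha. Because adminSecurityDefinitionSource configures resource access permissions by default, the data in your admin_role, role_resource, role and resource tables must be empty. No resources are configured, so anonymous users can also access admin/admin!main.action. Restore the data and it will be OK.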
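The answer's diagnosis comes down to a fail-open default: a URL for which the definition source has no attributes is treated as a public invocation and passed through. As an added example (not part of the original thread), here is the asker's `filterSecurityInterceptor` bean with `rejectPublicInvocations`, a standard property of Spring Security's `AbstractSecurityInterceptor`, switched on so that empty tables fail closed; the bean names are the ones from the question.

```xml
<!-- Added example: the filterSecurityInterceptor bean from the question,
     changed to fail closed when no resource rule matches a URL. -->
<bean id="filterSecurityInterceptor"
      class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
    <sec:custom-filter before="FILTER_SECURITY_INTERCEPTOR" />
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="accessDecisionManager" ref="accessDecisionManager" />
    <property name="objectDefinitionSource" ref="adminSecurityDefinitionSource" />

    <!-- Default is false: when the definition source returns no attributes
         for the requested URL, the interceptor skips the access decision
         and lets the request through, anonymous or not.
         Assumption: adminSecurityDefinitionSource returns null for URLs
         that have no row in the resource tables, which matches the
         behaviour reported in the question.
         With true, such a request is rejected with an
         IllegalArgumentException instead of being served. -->
    <property name="rejectPublicInvocations" value="true" />
</bean>
```

With this set, a request that reaches this interceptor without a matching resource entry ends in an error response rather than a redirect to the login page, so every URL under /admin/* that should be reachable needs an entry in the resource tables. The login page itself is unaffected because `filters="none"` takes it out of the filter chain.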