spring security升级到3.1的一个小问题:不再支持filter="none"了
今天发现spring全体升级到3.1了,官方网站说是100%与3.0兼容,当然这指的是spring framework,可能没有包括spring security.
根据我个人升级的经历来说,首先xml头上的xsd文件版本要更新一下,从3.0.xsd改为3.1.xsd
另外,遇到了一个问题就是spring security中不再支持filter="none"了
比如:
<http use-expression="true" auto-config="true">
<intercept-url pattern="/static/**" filters="none"/>
<intercept-url pattern="/security/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
<http-basic/>
</http>
需要改成:
<http pattern="/static/**" security="none"/>
<http use-expression="true" auto-config="true">
<intercept-url pattern="/security/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
<http-basic/>
</http>
