tôi đang sử dụng GWT 2.4 và Xuân 3.1 và tôi muốn đảm bảo ứng dụng của tôi với Xuân An. Tôi đang tìm kiếm giải pháp chỉ có GWT mà không có trang đăng nhập JSP riêng biệt. Tôi chỉ tìm thấy các trang web cũ bằng cách sử dụng JSP để đăng nhập, do đó, luồng này có thể dẫn đến một giải pháp tích hợp đầy đủ GWT với Spring Security theo cách tiêu chuẩn. Dù sao, nếu có một tài liệu tham khảo, nơi điều này đã được thực hiện thành công, chủ đề này có thể được đóng lại với một liên kết đến tham chiếu đó tất nhiên.Integration GWT Xuân An (PURE GWT, NO JSP)
Cho đến nay đây là cách tiếp cận đầu tiên của tôi:
ApplicationContext-security.xml:
<http auto-config="false" use-expressions="true" entry-point-ref="customAuthenticationEntryPoint">
<intercept-url pattern="/ApplicationScaffold.html" access="permitAll" />
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
</http>
<beans:bean id="customAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"
c:loginFormUrl="/ApplicationScaffold.html" />
<!-- Configure Authentication mechanism -->
<authentication-manager alias="authenticationManager">
<authentication-provider>
...
</authentication-provider>
</authentication-manager>
ApplicationScaffold.html (ứng dụng của tôi đã được tạo ra với Spring Roo) là trang bắt đầu của tôi có chứa trang đăng nhập GWT.
web.xml:
<display-name>securitytest</display-name>
<description>Roo generated application</description>
<!-- Enable escaping of form submission contents -->
<context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:META-INF/spring/applicationContext*.xml</param-value>
</context-param>
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>HttpMethodFilter</filter-name>
<filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
</filter>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter>
<filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
<filter-class>org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>HttpMethodFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Handles Spring requests -->
<servlet>
<servlet-name>securitytest</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>WEB-INF/spring/webmvc-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>requestFactory</servlet-name>
<servlet-class>com.securitytest.server.CustomRequestFactoryServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>securitytest</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>requestFactory</servlet-name>
<url-pattern>/gwtRequest</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>10</session-timeout>
</session-config>
Lớp CustomRequestFactoryServlet
kéo dài RequestFactoryServlet
cung cấp một constructor thêm để giải quyết các dịch vụ xuân và không nên có liên quan đến vấn đề an ninh.
Sau khi nhập tên truy cập và mật khẩu trên GWT phụ tùng một dịch vụ đăng nhập được gọi (thông qua RequestFactory
) mà chỉ đơn giản nào sau đây:
public String loginUser(String username, String password) {
UsernamePasswordAuthenticationToken token =
new UsernamePasswordAuthenticationToken(username, password);
Authentication authenticatedUser = authenticationManager.authenticate(token);
SecurityContextHolder.getContext().setAuthentication(authenticatedUser);
return username;
}
Vì vậy, khi tôi nhập một URL như .. /fooooooo tôi mong đợi đơn đăng ký của tôi để chuyển hướng tôi đến trang đăng nhập (ApplicationScaffold.html). Nhưng chỉ URL trong thanh địa chỉ của trình duyệt được đặt thành ../ ApplicationScaffold.html và không có gì khác xảy ra.
Tôi đang làm gì sai?
Các stack trace cho biết như sau:
[INFO] 2012-12-17 13:41:07,502 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /fooooooooo at position 1 of 7 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[INFO] 2012-12-17 13:41:07,502 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No HttpSession currently exists
[INFO] 2012-12-17 13:41:07,502 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
[INFO] 2012-12-17 13:41:07,502 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /fooooooooo at position 2 of 7 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
[INFO] 2012-12-17 13:41:07,502 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /fooooooooo at position 3 of 7 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
[INFO] 2012-12-17 13:41:07,502 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /fooooooooo at position 4 of 7 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
[INFO] 2012-12-17 13:41:07,503 [btpool0-0] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
[INFO] 2012-12-17 13:41:07,503 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /fooooooooo at position 5 of 7 in additional filter chain; firing Filter: 'SessionManagementFilter'
[INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.web.session.SessionManagementFilter - Requested session ID1nkvhmubnkz6h is invalid.
[INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /fooooooooo at position 6 of 7 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
[INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /fooooooooo at position 7 of 7 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
[INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/fooooooooo'; against '/applicationscaffold.html'
[INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /fooooooooo; Attributes: [hasRole('ROLE_USER')]
[INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: org.sprin[email protected]9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
[INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.sp[email protected]5f8d13b8, returned: -1
[INFO] 2012-12-17 13:41:07,504 [btpool0-0] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
[INFO] org.springframework.security.access.AccessDeniedException: Access is denied
...
[INFO] 2012-12-17 13:41:07,506 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - DefaultSavedRequest added to Session: DefaultSavedRequest[http://127.0.0.1:8888/fooooooooo]
[INFO] 2012-12-17 13:41:07,506 [btpool0-0] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Calling Authentication entry point.
[INFO] 2012-12-17 13:41:07,506 [btpool0-0] DEBUG org.springframework.security.web.DefaultRedirectStrategy - Redirecting to 'http://127.0.0.1:8888/ApplicationScaffold.html'
[INFO] 2012-12-17 13:41:07,506 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
[INFO] 2012-12-17 13:41:07,506 [btpool0-0] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
[INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html at position 1 of 7 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
[INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.mortbay.jetty.servlet.HashSessionManager$Session:[email protected] A new one will be created.
[INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html at position 2 of 7 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
[INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - pathInfo: both null (property equals)
[INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - queryString: both null (property equals)
[INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - requestURI: arg1=/fooooooooo; arg2=/ApplicationScaffold.html (property not equals)
[INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - saved request doesn't match
[INFO] 2012-12-17 13:41:07,543 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html at position 3 of 7 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
[INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html at position 4 of 7 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
[INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authe[email protected]: RemoteIpAddress: 127.0.0.1; SessionId: q0k5u6clocpc; Granted Authorities: ROLE_ANONYMOUS'
[INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html at position 5 of 7 in additional filter chain; firing Filter: 'SessionManagementFilter'
[INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html at position 6 of 7 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
[INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html at position 7 of 7 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
[INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/applicationscaffold.html'; against '/applicationscaffold.html'
[INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /ApplicationScaffold.html; Attributes: [permitAll]
[INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: org.sprin[email protected]9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: q0k5u6clocpc; Granted Authorities: ROLE_ANONYMOUS
[INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.sp[email protected]5f8d13b8, returned: 1
[INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Authorization successful
[INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - RunAsManager did not change Authentication object
[INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /ApplicationScaffold.html reached end of additional filter chain; proceeding with original chain
[INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter - Opening JPA EntityManager in OpenEntityManagerInViewFilter
[INFO] 2012-12-17 13:41:07,544 [btpool0-0] DEBUG org.hibernate.impl.SessionImpl - opened session at timestamp: 13557480675
[INFO] 2012-12-17 13:41:07,545 [btpool0-0] DEBUG org.springframework.web.servlet.DispatcherServlet - DispatcherServlet with name 'securitytest' processing GET request for [/ApplicationScaffold.html]
[INFO] 2012-12-17 13:41:07,545 [btpool0-0] DEBUG org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Looking up handler method for path /ApplicationScaffold.html
[INFO] 2012-12-17 13:41:07,545 [btpool0-0] DEBUG org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Did not find handler method for [/ApplicationScaffold.html]
[INFO] 2012-12-17 13:41:07,545 [btpool0-0] DEBUG org.springframework.web.servlet.handler.SimpleUrlHandlerMapping - Matching patterns for request [/ApplicationScaffold.html] are [/**]
[INFO] 2012-12-17 13:41:07,545 [btpool0-0] DEBUG org.springframework.web.servlet.handler.SimpleUrlHandlerMapping - URI Template variables for request [/ApplicationScaffold.html] are {}
[INFO] 2012-12-17 13:41:07,545 [btpool0-0] DEBUG org.springframework.web.servlet.handler.SimpleUrlHandlerMapping - Mapping [/ApplicationScaffold.html] to HandlerExecutionChain with handler [org.spring[email protected]3e3bfa58] and 1 interceptor
[INFO] 2012-12-17 13:41:07,545 [btpool0-0] DEBUG org.springframework.web.servlet.DispatcherServlet - Last-Modified value for [/ApplicationScaffold.html] is: -1
[INFO] 2012-12-17 13:41:07,547 [btpool0-0] DEBUG org.springframework.web.servlet.DispatcherServlet - Null ModelAndView returned to DispatcherServlet with name 'securitytest': assuming HandlerAdapter completed request handling
[INFO] 2012-12-17 13:41:07,547 [btpool0-0] DEBUG org.springframework.web.servlet.DispatcherServlet - Successfully completed request
[INFO] 2012-12-17 13:41:07,547 [btpool0-0] DEBUG org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter - Closing JPA EntityManager in OpenEntityManagerInViewFilter
[INFO] 2012-12-17 13:41:07,547 [btpool0-0] DEBUG org.springframework.orm.jpa.EntityManagerFactoryUtils - Closing JPA EntityManager
[INFO] 2012-12-17 13:41:07,547 [btpool0-0] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Chain processed normally
[INFO] 2012-12-17 13:41:07,547 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
[INFO] 2012-12-17 13:41:07,547 [btpool0-0] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
[INFO] 2012-12-17 13:41:07,583 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html at position 1 of 7 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
[INFO] 2012-12-17 13:41:07,583 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
[INFO] 2012-12-17 13:41:07,583 [btpool0-0] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.mortbay.jetty.servlet.HashSessionManager$Session:[email protected] A new one will be created.
[INFO] 2012-12-17 13:41:07,583 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html at position 2 of 7 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
[INFO] 2012-12-17 13:41:07,583 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - pathInfo: both null (property equals)
[INFO] 2012-12-17 13:41:07,583 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - queryString: both null (property equals)
[INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.DefaultSavedRequest - requestURI: arg1=/fooooooooo; arg2=/applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html (property not equals)
[INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.savedrequest.HttpSessionRequestCache - saved request doesn't match
[INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html at position 3 of 7 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
[INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html at position 4 of 7 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
[INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.sprin[email protected]9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: q0k5u6clocpc; Granted Authorities: ROLE_ANONYMOUS'
[INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html at position 5 of 7 in additional filter chain; firing Filter: 'SessionManagementFilter'
[INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html at position 6 of 7 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
[INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.FilterChainProxy - /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html at position 7 of 7 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
[INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/applicationscaffold/c142d67e9948229be2b28e2a99e7c59a.cache.html'; against '/applicationscaffold.html'
[INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /applicationScaffold/C142D67E9948229BE2B28E2A99E7C59A.cache.html; Attributes: [hasRole('ROLE_USER')]
[INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: org.sprin[email protected]9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.sprin[email protected]957e: RemoteIpAddress: 127.0.0.1; SessionId: q0k5u6clocpc; Granted Authorities: ROLE_ANONYMOUS
[INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.sp[email protected]5f8d13b8, returned: -1
[INFO] 2012-12-17 13:41:07,584 [btpool0-0] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
[INFO] org.springframework.security.access.AccessDeniedException: Access is denied
+1 về câu hỏi. – SSR