昨天在公司测试spring security,在controller里边发现SecurityContextHolder.getContext().getAuthentication()始终为null,百思不得其解,google上查半天也没解决,这样那样的说法都有,回家后继续google,结果有一阵不知搜什么词语了不让继续访问了,只好用百度,别说真找到答案了,头一次百度在技术搜索战胜了google,下面是解决方案地址,不多说了:
http://blog.csdn.net/jjk_02027/article/details/6544889
http://www.oschina.net/question/230429_51547
http://stackoverflow.com/questions/7573899/retrieve-spring-securitys-authentication-even-on-public-pages-with-filter-non/7574241#7574241
关键就是要把filters="none" 变化为相应的权限如access="permitAll"(必须设置<http auto-config="true" use-expressions="true">,否则会提示permitAll找不到),或者access = "IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED"
,当然security 3.1是要修改<http pattern="/login" security="none"/>这类的