吐槽spring security 3.2 框架

在实际应用中觉得spring security的命名空间缺少两个元素:<!--[endif]-->

form-login 没有Post-only属性的配置吐槽spring security 3.2 框架,而UsernamePasswordAuthenticationFilter 源码中post默认为true

public class UsernamePasswordAuthenticationFilter extends

AbstractAuthenticationProcessingFilter {

public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "j_username";

public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "j_password";

 

@Deprecated

public static final String SPRING_SECURITY_LAST_USERNAME_KEY = "SPRING_SECURITY_LAST_USERNAME";

private String usernameParameter = "j_username";

private String passwordParameter = "j_password";

private boolean postOnly = true;

吐槽spring security 3.2 框架
 

why  http 中提供了FilterSecurityInterceptor的accessDecisionManager和authenticationManager的配置,而不提供FilterInvocationSecurityMetadataSource的配置??

吐槽spring security 3.2 框架
 

相关推荐