Spring Security 匿名認證

一、項目截圖：

二、匿名認證配置：

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security.xsd">
    <security:http auto-config="true">
        <security:anonymous enabled="true" key="doesNotMatter" granted-authority="ROLE_ANONYMOUSLY" username="user"></security:anonymous>
        <security:intercept-url pattern="/admin/**" access="ROLE_USER"/> --設置ROLE_USER訪問權限
        <security:intercept-url pattern="/common/**" access="ROLE_USER,ROLE_ANONYMOUSLY"/>
        <security:intercept-url pattern="/**" access="ROLE_USER,ROLE_ANONYMOUSLY"></security:intercept-url>
    </security:http>
<!--    <bean id="anonymousAuthFilter"
          class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
        <property name="key" value="doesNotMatter" />
        <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS" />
    </bean>

    <bean id="anonymousAuthenticationProvider"
          class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
        <property name="key" value="doesNotMatter" />
    </bean>-->
    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user name="admin" password="admin" authorities="ROLE_USER"></security:user>
                <security:user name="user" password="user" authorities="ROLE_ANONYMOUSLY"></security:user>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>
</beans>

admin 登錄後能訪問全部頁面，而user登錄將返回拒絕受權，如圖: