我正在学习本教程：
http://www.mkyong.com/spring-security/spring-security-hello-world-example/

在spring-security-xml中

<http auto-config="true">
    <intercept-url pattern="/welcome*" access="ROLE_USER" />
</http>

在web.xml中,我们必须定义实际的过滤器

<!-- Spring Security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>
              org.springframework.web.filter.DelegatingFilterProxy
            </filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

所以我没有得到这个,我们将截取映射到2个地方的2个网址.致/欢迎*和/ *.为什么我们需要这两个？我在这里错过了什么吗？

解决方法:

DelegatingFilterProxy不是Spring Security类.它来自Spring Web包.

Proxy for a standard Servlet 2.3 Filter, delegating to a
Spring-managed bean that implements the Filter interface. Supports a
“targetBeanName” filter init-param in web.xml, specifying the name
of the target bean in the Spring application context.

当你使用

<http auto-config="true">

</http>

Spring Security使用名称springSecurityFilterChain创建(隐式)bean(这就是为什么你的web.xml中有< filter-name> springSecurityFilterChain< / filter-name>)并且所有请求(/ *)都由它处理(由Spring Security提供) .

然后配置Spring Security并为其提供更具体的URL(/ * welcome).

<intercept-url pattern="/welcome*" access="ROLE_USER" />

这就像说：

> Spring Security应调查所有URL请求(/ *)
>当URL匹配/ welcome * principal应具有ROLE_USER角色.

如果您的应用程序需要更高级的安全性处理,您可以自己创建该过滤器链bean并手动配置所有过滤器.

例：

<!-- Filter Chain -->
<bean id="springSecurityFilterChain"
      class="org.springframework.security.web.FilterChainProxy">
    <constructor-arg>
        <list>
            <sec:filter-chain pattern="/favicon.ico"
                              filters="none"/>

            <sec:filter-chain pattern="/img/**"
                              filters="none"/>

            <sec:filter-chain pattern="/**" 
                 filters="bannedIPsFilter, <!-- custom filter -->
                         channelProcessingFilter,
                         securityContextPersistenceFilter,
                         concurrentSessionFilter,
                         logoutFilter,
                         secondAuthenticationFilter, <!-- custom filter -->
                         openIDAuthenticationFilter,
                         usernamePasswordAuthenticationFilter,
                         anonymousAuthenticationFilter,
                         captchaFilter, <!-- custom filter -->
                         sessionManagementFilter,
                         exceptionTranslationFilter,
                         filterSecurityInterceptor,
                         switchUserProcessingFilter"
                    />
        </list>
    </constructor-arg>
</bean>