Spring Security - 始终重定向到 default-target-url

Question

我在访问 url 时遇到问题，即使成功登录，也总是重定向到 default-target-url。当我第一次访问 /clinic/administator/jabatan/ 时，它会将我重定向到登录页面，但主要问题是自动重定向或手动访问该 url 总是重定向到 /clinic/home。

Spring 安全配置：

<beans 
    xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:security="http://www.springframework.org/schema/security" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-3.1.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    <!--auto-config="true"-->
    <security:http use-expressions="true" access-denied-page="/WEB-INF/view/error/access-denied.jsp">
        <security:intercept-url pattern="/index*" access="permitAll" />
        <security:intercept-url pattern="/resources/**" access="permitAll" />
        <security:intercept-url pattern="/administator/**" access="isAuthenticated()" />

        <security:form-login login-page="/index" default-target-url="/home" authentication-failure-url="/index?error=true" />
    </security:http>

    <context:component-scan base-package="com.syncbro.clinic" />
    <context:annotation-config />

    <bean id="userDetailsService" class="com.syncbro.clinic.service.impl.UserDetailsServiceImpl" autowire="byType" />
    <bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <property name="userDetailsService" ref="userDetailsService" />
    </bean>

    <security:authentication-manager>
        <security:authentication-provider ref="daoAuthenticationProvider" />
        <!--    <security:password-encoder hash="sha-256" />
        </security:authentication-provider>-->
    </security:authentication-manager>

</beans>

Spring 安全调试：

INFO: 14 Jul 2013 12:56:25,364 104661 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'

INFO: 14 Jul 2013 12:56:25,364 104661 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'

INFO: 14 Jul 2013 12:56:25,364 104661 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository  - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@94bed677: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@94bed677: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMINISTRATOR; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: bbf2cc6aac40b722885672e0853a; Granted Authorities: ROLE_ADMINISTRATOR'

INFO: 14 Jul 2013 12:56:25,364 104661 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository  - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@94bed677: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@94bed677: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMINISTRATOR; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: bbf2cc6aac40b722885672e0853a; Granted Authorities: ROLE_ADMINISTRATOR'

INFO: 14 Jul 2013 12:56:25,364 104661 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'

INFO: 14 Jul 2013 12:56:25,364 104661 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'

INFO: 14 Jul 2013 12:56:25,364 104661 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 3 of 8 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'

INFO: 14 Jul 2013 12:56:25,364 104661 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 3 of 8 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'

INFO: 14 Jul 2013 12:56:25,364 104661 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'

INFO: 14 Jul 2013 12:56:25,364 104661 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'

INFO: 14 Jul 2013 12:56:25,374 104671 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 5 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'

INFO: 14 Jul 2013 12:56:25,374 104671 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 5 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'

INFO: 14 Jul 2013 12:56:25,374 104671 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter  - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@94bed677: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMINISTRATOR; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: bbf2cc6aac40b722885672e0853a; Granted Authorities: ROLE_ADMINISTRATOR'

INFO: 14 Jul 2013 12:56:25,374 104671 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter  - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@94bed677: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMINISTRATOR; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: bbf2cc6aac40b722885672e0853a; Granted Authorities: ROLE_ADMINISTRATOR'

INFO: 14 Jul 2013 12:56:25,374 104671 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 6 of 8 in additional filter chain; firing Filter: 'SessionManagementFilter'

INFO: 14 Jul 2013 12:56:25,374 104671 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 6 of 8 in additional filter chain; firing Filter: 'SessionManagementFilter'

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/administator/jabatan/'; against '/index*'

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/administator/jabatan/'; against '/index*'

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/administator/jabatan/'; against '/resources/**'

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/administator/jabatan/'; against '/resources/**'

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/administator/jabatan/'; against '/administator/**'

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/administator/jabatan/'; against '/administator/**'

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Secure object: FilterInvocation: URL: /administator/jabatan/; Attributes: [isAuthenticated()]

INFO: 14 Jul 2013 12:56:25,394 104691 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Secure object: FilterInvocation: URL: /administator/jabatan/; Attributes: [isAuthenticated()]

INFO: 14 Jul 2013 12:56:25,404 104701 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@94bed677: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMINISTRATOR; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: bbf2cc6aac40b722885672e0853a; Granted Authorities: ROLE_ADMINISTRATOR

INFO: 14 Jul 2013 12:56:25,404 104701 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Previously Authenticated: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@94bed677: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMINISTRATOR; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: bbf2cc6aac40b722885672e0853a; Granted Authorities: ROLE_ADMINISTRATOR

INFO: 14 Jul 2013 12:56:25,404 104701 [http-thread-pool-8080(3)] DEBUG org.springframework.security.access.vote.AffirmativeBased  - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@57cabdca, returned: 1

INFO: 14 Jul 2013 12:56:25,404 104701 [http-thread-pool-8080(3)] DEBUG org.springframework.security.access.vote.AffirmativeBased  - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@57cabdca, returned: 1

INFO: 14 Jul 2013 12:56:25,404 104701 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Authorization successful

INFO: 14 Jul 2013 12:56:25,404 104701 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Authorization successful

INFO: 14 Jul 2013 12:56:25,404 104701 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - RunAsManager did not change Authentication object

INFO: 14 Jul 2013 12:56:25,404 104701 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - RunAsManager did not change Authentication object

INFO: 14 Jul 2013 12:56:25,414 104711 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ reached end of additional filter chain; proceeding with original chain

INFO: 14 Jul 2013 12:56:25,414 104711 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.FilterChainProxy  - /administator/jabatan/ reached end of additional filter chain; proceeding with original chain

INFO: 14 Jul 2013 12:56:25,424 104721 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter  - Chain processed normally

INFO: 14 Jul 2013 12:56:25,424 104721 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter  - Chain processed normally

INFO: 14 Jul 2013 12:56:25,424 104721 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter  - SecurityContextHolder now cleared, as request processing completed

INFO: 14 Jul 2013 12:56:25,424 104721 [http-thread-pool-8080(3)] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter  - SecurityContextHolder now cleared, as request processing completed

INFO: 14 Jul 2013 12:56:25,565 104862 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'

INFO: 14 Jul 2013 12:56:25,565 104862 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'

INFO: 14 Jul 2013 12:56:25,575 104872 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository  - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@94bed677: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@94bed677: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMINISTRATOR; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: bbf2cc6aac40b722885672e0853a; Granted Authorities: ROLE_ADMINISTRATOR'

INFO: 14 Jul 2013 12:56:25,575 104872 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository  - Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@94bed677: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@94bed677: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMINISTRATOR; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: bbf2cc6aac40b722885672e0853a; Granted Authorities: ROLE_ADMINISTRATOR'

INFO: 14 Jul 2013 12:56:25,575 104872 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'

INFO: 14 Jul 2013 12:56:25,575 104872 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'

INFO: 14 Jul 2013 12:56:25,575 104872 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 3 of 8 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'

INFO: 14 Jul 2013 12:56:25,575 104872 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 3 of 8 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'

INFO: 14 Jul 2013 12:56:25,575 104872 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'

INFO: 14 Jul 2013 12:56:25,575 104872 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 5 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 5 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter  - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@94bed677: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMINISTRATOR; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: bbf2cc6aac40b722885672e0853a; Granted Authorities: ROLE_ADMINISTRATOR'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter  - SecurityContextHolder not populated with anonymous token, as it already contained: 'org.springframework.security.authentication.UsernamePasswordAuthenticationToken@94bed677: Principal: org.springframework.security.core.userdetails.User@586034f: Username: admin; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMINISTRATOR; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@43458: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: bbf2cc6aac40b722885672e0853a; Granted Authorities: ROLE_ADMINISTRATOR'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 6 of 8 in additional filter chain; firing Filter: 'SessionManagementFilter'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 6 of 8 in additional filter chain; firing Filter: 'SessionManagementFilter'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/home'; against '/index*'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/home'; against '/index*'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/home'; against '/resources/**'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/home'; against '/resources/**'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/home'; against '/administator/**'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.util.AntPathRequestMatcher  - Checking match of request : '/home'; against '/administator/**'

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Public object - authentication not attempted

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Public object - authentication not attempted

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home reached end of additional filter chain; proceeding with original chain

INFO: 14 Jul 2013 12:56:25,585 104882 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.FilterChainProxy  - /home reached end of additional filter chain; proceeding with original chain

INFO: 14 Jul 2013 12:56:25,606 104903 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter  - Chain processed normally

INFO: 14 Jul 2013 12:56:25,606 104903 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter  - Chain processed normally

INFO: 14 Jul 2013 12:56:25,606 104903 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter  - SecurityContextHolder now cleared, as request processing completed

INFO: 14 Jul 2013 12:56:25,606 104903 [http-thread-pool-8080(2)] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter  - SecurityContextHolder now cleared, as request processing completed

Answer 1

我认为由于第一个拦截 URL 规则匹配，它需要 permitAll 角色；。

<security:intercept-url pattern="/index*" access="permitAll" />

您的登录页面 URL 还包含“/index”。

<security:form-login login-page="/index" default-target-url="/home" authentication-failure-url="/index?error=true" />

由于“/index” URL 需要认证和授权，因此再次重定向到登录页面； 也许您可以更改第一个条目的拦截网址模式并重试。

Answer 2

如果您使用索引作为登录页面，建议创建一个单独的欢迎页面。

从以下配置中删除 /index 之后的 *：

<security:intercept-url pattern="/index" access="permitAll" />

对于这个url /clinic/administator/jabatan/，定义一个新的拦截器如下：

<security:intercept-url pattern="/administator/jabatan/**" access="isAuthenticated()" />