Difference between access="permitAll" and filters="none"?

Here is a part from Spring Security petclinic example:

<http use-expressions="true">
    <intercept-url pattern="/" access="permitAll"/>
    <intercept-url pattern="/static/**" filters="none" />
    <intercept-url pattern="/**" access="isAuthenticated()" />
    <form-login />
    <logout />
</http>

What is the difference betw开发者_运维问答een access="permitAll" and filters="none"?

Url: http://static.springsource.org/spring-security/site/petclinic-tutorial.html

The difference is that filters = "none" disables Spring Security filters for the specified URLs, whereas access = "permitAll" configures authorization without disabling filters.

In practice, filters = "none" may cause problems when resources behind it require some functionality of Spring Security. For example, you can't use it for user registration page that performs programmatic login on submit (User Granted Authorities are always : ROLE_ANONYMOUS?).