OAuth URL Pattern Exclude

[bpholt]

Hello,

I am building a website that will require a particular OAuth1 access token for all URLs but for a specific few. Is there a way to indicate this using the <oauth:url> patterns? I'd like to be able to use

Code:

<oauth:url pattern="/**" resources="oauthResourceRef" />

and then somehow exclude the specific paths that shouldn't require any OAuth tokens, but I can't figure out how to do it. I've tried putting something like "none" in the resources field, or even leaving it empty, but nothing seems to work. In other words, something like:

Code:

<oauth:consumer resource-details-service-ref="resourceDetails" oauth-failure-page="/oauth-failure.jsp">
    <oauth:url pattern="/" resources="none"/>
    <oauth:url pattern="/secondUnsecuredResource" resources="none"/>
    <oauth:url pattern="/**" resources="oauthResourceRef" />
</oauth:consumer>

I don't want to turn off the security filters entirely for these resources, and I'd really rather not move the secured resources into a more specific location in order to keep the structure of my application clean. In other words, NOT:

Code:

<oauth:url pattern="/secure/**" resources="oauthResourceRef"/>

Thanks in advance for your help.

[stoicflame]

I'm afraid there isn't a way to do that right now. It definitely needs to be added, though. I've opened a JIRA issue for this:

https://jira.springsource.org/browse/SECOAUTH-43

[bpholt]

Ok, that's what I was afraid of. Thanks for the quick response!