Url pattern to secure a form

**r.rodriguez** · Mar 10th, 2011, 10:54 AM

Hi all,

I'm working with ROO and Spring Security, and I wanted to secure a form. I want to allow users list books (..../books), but I want to secure the editing and creating form (.../books?form).

I tried to put the next code into the applicationContext-security.xml file:

Code:

...
<intercept-url pattern="/books*form" access="hasRole('ROLE_ADMIN')"/>
<intercept-url pattern="/books" access="hasRole('ROLE_USER')"/>
...

But it didn't work. Any idea about the correct url pattern to secure the form?

**r.rodriguez** · Mar 14th, 2011, 06:56 AM

I finally solved it. You can permit or refuse access depending on the method. For example, in this case I restricted access to only the ROLE_ADMIN to the URL with methods PUT, POST and DELETE. Doing that you only allow users to list the objects, but they can't create, update or delete them.

**Rob Winch** · Mar 14th, 2011, 08:45 AM

Spring Security will not process query parameters when using the namespace with the ant path matcher (it strips them off before comparison). You can set the http@path-type to regular expressions to include query string parameters.

Thread: Url pattern to secure a form

Thread Tools

Display

Url pattern to secure a form

Posting Permissions