intercept-url configuration

**epaisley** · Sep 27th, 2012, 04:58 PM

Hello,

I'm hoping someone can help me. My config is set up below. I'm trying to secure down my app. I want it to have to be authenticated (logged in) everywhere you go, thus the /**. The problem is the Login page is being treated as protected area and I get stuck in an infinite loop in the browser, like it is just ignoring the permitAll. The "Login" form is a spring mvc form in site of MySite. Any suggestions?

Code:

<http auto-config="true" use-expressions="true" create-session="never">
		<intercept-url pattern="http://localhost:8080/MySite/Login" access="permitAll" />          
		<intercept-url pattern="http://localhost:8080/MySite/Login/**" 	access="permitAll" /> 
		<intercept-url pattern="/**" access="isAuthenticated()" /> 
		<form-login login-page="${myWoodmen.security.form.login}" />
		
		<logout logout-success-url="http://localhost:8080/MyWoodmen/Login" />

		<remember-me key="AppKey123456" services-ref="mySiteRememberMeService" />
	</http>

**Lsync** · Sep 28th, 2012, 05:29 AM

I am not a Spring Security specialist, but maybe you should try first short patterns (/Login* instead of http://localhost:8080/MySite/Login), just like in the documentation example and than test if your browser goes exactly to expected page?

UPD: Sorry, I haven't seen your previous post before.

Thread: intercept-url configuration

Thread Tools

Display

intercept-url configuration

Posting Permissions